-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: adds test infrastructure to run acceptance tests on PRs #1553
Conversation
steps: | ||
- uses: actions/checkout@v4 | ||
if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' || inputs.parent-event-name == 'release' }} | ||
- uses: dorny/paths-filter@v2 | ||
id: filter | ||
with: | ||
filters: | | ||
assume_role: | ||
- 'mongodbatlas/**provider**.go' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this seems very broad and it's also matched e.g. in config, what list of files do we want to match here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought of making it broad because I'd thought it should run for all PR changes since it's an authentication type of test. Happy to change here later if we see it's not worth it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in that case we may want to have it in the general "config" group instead of a separated asssume-role group.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's see how it goes, I'll keep this comment into account to improve things. Let us just see how it works.
* adds test coverage. * pre-check that regular credentials env variables are not set. * feat: adds test infrastructure to run acceptance tests on PRs (#1553) * adds test infra. * fix.
…with an AWS Role (#1551) * set all possible default values taken from environment varialbes (if exist). * addresses comments. * feat: adds test coverage for AWS Role Authentication (#1552) * adds test coverage. * pre-check that regular credentials env variables are not set. * feat: adds test infrastructure to run acceptance tests on PRs (#1553) * adds test infra. * fix. * Update mongodbatlas/provider.go Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com> * Update mongodbatlas/provider.go Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com> * addresses comments. --------- Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com>
* fixed region value when creating configuration for aws role authentication. * restore go.mod and go.sum. * separates logic into util func. * feat: adds more environment variables to be used when authenticating with an AWS Role (#1551) * set all possible default values taken from environment varialbes (if exist). * addresses comments. * feat: adds test coverage for AWS Role Authentication (#1552) * adds test coverage. * pre-check that regular credentials env variables are not set. * feat: adds test infrastructure to run acceptance tests on PRs (#1553) * adds test infra. * fix. * Update mongodbatlas/provider.go Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com> * Update mongodbatlas/provider.go Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com> * addresses comments. --------- Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com> --------- Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com>
assume_role: | ||
needs: [ change-detection, fetch-sts-assume-role-creds] | ||
if: ${{ needs.change-detection.outputs.config == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' || github.event.label.name == 'run-testacc' || github.event.label.name == 'run-testacc-config' || inputs.parent-event-name == 'release' }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Set up Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: 'go.mod' | ||
- name: Acceptance Tests | ||
env: | ||
ASSUME_ROLE_ARN: ${{ vars.ASSUME_ROLE_ARN }} | ||
AWS_REGION: ${{ vars.AWS_REGION }} | ||
STS_ENDPOINT: ${{ vars.STS_ENDPOINT }} | ||
SECRET_NAME: ${{ vars.AWS_SECRET_NAME }} | ||
AWS_ACCESS_KEY_ID: ${{ needs.fetch-sts-assume-role-creds.outputs.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ needs.fetch-sts-assume-role-creds.outputs.AWS_SECRET_ACCESS_KEY }} | ||
AWS_SESSION_TOKEN: ${{ needs.fetch-sts-assume-role-creds.outputs.AWS_SESSION_TOKEN }} | ||
MONGODB_ATLAS_ORG_ID: ${{ vars.MONGODB_ATLAS_ORG_ID_CLOUD_DEV }} | ||
MONGODB_ATLAS_BASE_URL: ${{ vars.MONGODB_ATLAS_BASE_URL }} | ||
ACCTEST_TIMEOUT: ${{ vars.ACCTEST_TIMEOUT }} | ||
TF_LOG: ${{ vars.LOG_LEVEL }} | ||
TF_ACC: 1 | ||
PARALLEL_GO_TEST: 20 | ||
CI: true | ||
TEST_REGEX: "^TestAccSTSAssumeRole" | ||
run: make testacc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@marcosuma This change is leaking our AWS credentials:
https://github.com/mongodb/terraform-provider-mongodbatlas/actions/runs/6728120776/job/18286966224#step:4:10. Please revert this change and recreate our AWS keys
Description
Link to any related issue(s): https://jira.mongodb.org/browse/INTMDB-1034
Type of change:
Required Checklist:
Further comments