Some test fixes

.github/workflows/run-tests-command.yml

@@ -41,7 +41,7 @@ jobs:
       run: echo ::set-output
         name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
     - name: Update with Result
-      uses: peter-evans/create-or-update-comment@v1
+      uses: peter-evans/create-or-update-comment@v4
       with:
         body: |-
           Please view the results of the PR Build [Here][1]
@@ -59,7 +59,7 @@ jobs:
     - name: Checkout Repo
       uses: actions/checkout@v3
     - name: Setup DotNet
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{matrix.dotnetversion}}
     - name: Install Pulumi CLI
@@ -90,7 +90,7 @@ jobs:
     - name: Checkout Repo
       uses: actions/checkout@v3
     - name: Install Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: ${{matrix.goversion}}
     - name: Install Pulumi CLI
@@ -123,24 +123,24 @@ jobs:
     - name: Checkout Repo
       uses: actions/checkout@v3
     - name: Setup DotNet
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{matrix.dotnetversion}}
     - name: Setup Node
-      uses: actions/setup-node@v2
+      uses: actions/setup-node@v4
       with:
         node-version: ${{matrix.nodeversion}}
         registry-url: https://registry.npmjs.org
     - name: Setup Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: ${{matrix.pythonversion}}
     - name: Install Python deps
       run: |-
         pip3 install virtualenv==20.0.23
         pip3 install pipenv
     - name: Install Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: ${{matrix.goversion}}
     - name: Install aws-iam-authenticator
@@ -170,20 +170,20 @@ jobs:
 
         helm repo add bitnami https://charts.bitnami.com/bitnami
     - name: Authenticate to Google Cloud
-      uses: google-github-actions/auth@v0
+      uses: google-github-actions/auth@v2
       with:
         service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
         workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{
           env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
           env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
     - name: Setup gcloud auth
-      uses: google-github-actions/setup-gcloud@v0
+      uses: google-github-actions/setup-gcloud@v2
       with:
         install_components: gke-gcloud-auth-plugin
     - name: Login to Google Cloud Registry
       run: gcloud --quiet auth configure-docker
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v1
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-region: ${{ env.AWS_REGION }}
@@ -239,9 +239,9 @@ jobs:
     runs-on: ${{ matrix.platform }}
     steps:
     - name: Checkout Repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Setup Node
-      uses: actions/setup-node@v2
+      uses: actions/setup-node@v4
       with:
         node-version: ${{matrix.nodeversion}}
         registry-url: https://registry.npmjs.org
@@ -277,24 +277,24 @@ jobs:
     - name: Checkout Repo
       uses: actions/checkout@v3
     - name: Setup DotNet
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{matrix.dotnetversion}}
     - name: Setup Node
-      uses: actions/setup-node@v2
+      uses: actions/setup-node@v4
       with:
         node-version: ${{matrix.nodeversion}}
         registry-url: https://registry.npmjs.org
     - name: Setup Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: ${{matrix.pythonversion}}
     - name: Install Python deps
       run: |-
         pip3 install virtualenv==20.0.23
         pip3 install pipenv
     - name: Install Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: ${{matrix.goversion}}
     - name: Install aws-iam-authenticator
@@ -324,20 +324,20 @@ jobs:
 
         helm repo add bitnami https://charts.bitnami.com/bitnami
     - name: Authenticate to Google Cloud
-      uses: google-github-actions/auth@v0
+      uses: google-github-actions/auth@v2
       with:
         service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
         workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{
           env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
           env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
     - name: Setup gcloud auth
-      uses: google-github-actions/setup-gcloud@v0
+      uses: google-github-actions/setup-gcloud@v2
       with:
         install_components: gke-gcloud-auth-plugin
     - name: Login to Google Cloud Registry
       run: gcloud --quiet auth configure-docker
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v1
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-region: ${{ env.AWS_REGION }}
@@ -406,7 +406,7 @@ jobs:
     - name: Checkout Repo
       uses: actions/checkout@v3
     - name: Setup Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: ${{matrix.pythonversion}}
     - name: Install Python deps
@@ -464,24 +464,24 @@ jobs:
     - name: Checkout Repo
       uses: actions/checkout@v3
     - name: Setup DotNet
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{matrix.dotnetversion}}
     - name: Setup Node
-      uses: actions/setup-node@v2
+      uses: actions/setup-node@v4
       with:
         node-version: ${{matrix.nodeversion}}
         registry-url: https://registry.npmjs.org
     - name: Setup Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: ${{matrix.pythonversion}}
     - name: Install Python deps
       run: |-
         pip3 install virtualenv==20.0.23
         pip3 install pipenv
     - name: Install Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: ${{matrix.goversion}}
     - name: Install aws-iam-authenticator
@@ -511,21 +511,21 @@ jobs:
 
         helm repo add bitnami https://charts.bitnami.com/bitnami
     - name: Authenticate to Google Cloud
-      uses: google-github-actions/auth@v0
+      uses: google-github-actions/auth@v2
       with:
         service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
         workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
           }}/locations/global/workloadIdentityPools/${{
           env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
           env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
     - name: Setup gcloud auth
-      uses: google-github-actions/setup-gcloud@v0
+      uses: google-github-actions/setup-gcloud@v2
       with:
         install_components: gke-gcloud-auth-plugin
     - name: Login to Google Cloud Registry
       run: gcloud --quiet auth configure-docker
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v1
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-region: ${{ env.AWS_REGION }}
@@ -571,24 +571,24 @@ jobs:
     - name: Checkout Repo
       uses: actions/checkout@v3
     - name: Setup DotNet
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{matrix.dotnetversion}}
     - name: Setup Node
-      uses: actions/setup-node@v2
+      uses: actions/setup-node@v4
       with:
         node-version: ${{matrix.nodeversion}}
         registry-url: https://registry.npmjs.org
     - name: Setup Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: ${{matrix.pythonversion}}
     - name: Install Python deps
       run: |-
         pip3 install virtualenv==20.0.23
         pip3 install pipenv
     - name: Install Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: ${{matrix.goversion}}
     - name: Install aws-iam-authenticator
@@ -618,21 +618,21 @@ jobs:
 
         helm repo add bitnami https://charts.bitnami.com/bitnami
     - name: Authenticate to Google Cloud
-      uses: google-github-actions/auth@v0
+      uses: google-github-actions/auth@v2
       with:
         service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
         workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
           }}/locations/global/workloadIdentityPools/${{
           env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
           env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
     - name: Setup gcloud auth
-      uses: google-github-actions/setup-gcloud@v0
+      uses: google-github-actions/setup-gcloud@v2
       with:
         install_components: gke-gcloud-auth-plugin
     - name: Login to Google Cloud Registry
       run: gcloud --quiet auth configure-docker
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v1
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-region: ${{ env.AWS_REGION }}

aws-ts-lambda-efs/index.ts

@@ -4,6 +4,7 @@ import * as aws from "@pulumi/aws";
 import * as apigateway from "@pulumi/aws-apigateway";
 import * as awsx from "@pulumi/awsx";
 import * as pulumi from "@pulumi/pulumi";
+import * as time from "@pulumiverse/time";
 import { APIGatewayProxyEvent, APIGatewayProxyResult } from "aws-lambda";
 import * as cp from "child_process";
 import * as fs from "fs";
@@ -14,9 +15,30 @@ export = async () => {
     const vpc = new awsx.ec2.Vpc("vpc", {
         subnetStrategy: "Auto",
         enableDnsHostnames: true,
+        enableDnsSupport: true,
     });
     const subnetIds = await vpc.publicSubnetIds;
 
+    const securityGroup = new aws.ec2.SecurityGroup("group", {
+        vpcId: vpc.vpcId,
+        ingress: [
+            {
+                fromPort: 443,
+                toPort: 443,
+                protocol: "tcp",
+                cidrBlocks: ["0.0.0.0/0"],
+            },
+        ],
+        egress: [
+            {
+                fromPort: 0,
+                toPort: 0,
+                protocol: "-1",
+                cidrBlocks: ["0.0.0.0/0"],
+            },
+        ],
+    });
+
     // EFS
     const filesystem = new aws.efs.FileSystem("filesystem");
 
@@ -26,7 +48,7 @@ export = async () => {
             targetArray.push(new aws.efs.MountTarget(`fs-mount-${i}`, {
                 fileSystemId: filesystem.id,
                 subnetId: subnetIds[i],
-                securityGroups: [vpc.vpc.defaultSecurityGroupId],
+                securityGroups: [securityGroup.id],
             }));
         }
         return targetArray;
@@ -38,17 +60,42 @@ export = async () => {
         rootDirectory: { path: "/www", creationInfo: { ownerGid: 1000, ownerUid: 1000, permissions: "755" } },
     }, { dependsOn: targets });
 
+    // Add a 60-second delay to compensate for an eventual-consistency issue.
+    // See https://github.com/hashicorp/terraform-provider-aws/issues/29828 for details.
+    // This can be removed when the issue above is resolved.
+    const delay = new time.Sleep("delay", {
+        createDuration: "60s"},
+    { dependsOn: targets });
+
+    const lambdaRole = new aws.iam.Role("lambda-role", {
+        assumeRolePolicy: JSON.stringify({
+            Version: "2012-10-17",
+            Statement: [{
+                Action: "sts:AssumeRole",
+                Principal: {
+                    Service: "lambda.amazonaws.com",
+                },
+                Effect: "Allow",
+            }],
+        }),
+        managedPolicyArns: [
+            aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole,
+            aws.iam.ManagedPolicy.LambdaFullAccess,
+        ],
+    });
+
     // Lambda
     function efsvpcCallback(name: string, f: aws.lambda.Callback<APIGatewayProxyEvent, APIGatewayProxyResult>) {
         return new aws.lambda.CallbackFunction(name, {
-            policies: [aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole, aws.iam.ManagedPolicy.LambdaFullAccess],
+            role: lambdaRole,
+
             vpcConfig: {
                 subnetIds: vpc.privateSubnetIds,
-                securityGroupIds: [vpc.vpc.defaultSecurityGroupId],
+                securityGroupIds: [securityGroup.id],
             },
             fileSystemConfig: { arn: ap.arn, localMountPath: "/mnt/storage" },
             callback: f,
-        }, {dependsOn: targets});
+        }, { dependsOn: [ delay ]});
     }
 
     // API Gateway
@@ -114,7 +161,7 @@ export = async () => {
         taskDefinitionArgs: {
             container: {
                 image: "nginx",
-                name: "niginx",
+                name: "nginx",
                 memory: 128,
                 portMappings: [{ containerPort: 80, hostPort: 80, protocol: "tcp" }],
                 mountPoints: [{ containerPath: "/usr/share/nginx/html", sourceVolume: efsVolume.name }],
@@ -123,7 +170,7 @@ export = async () => {
         },
         platformVersion: "1.4.0",
         networkConfiguration: {
-            securityGroups: [vpc.vpc.defaultSecurityGroupId],
+            securityGroups: [securityGroup.id],
             subnets: vpc.publicSubnetIds,
             assignPublicIp: true,
         },
@@ -133,5 +180,4 @@ export = async () => {
     return {
         url: api.url,
     };
-
 };

aws-ts-lambda-efs/package.json

@@ -6,6 +6,7 @@
         "@pulumi/aws-apigateway": "^2.1.1",
         "@pulumi/awsx": "^2.0.0",
         "@pulumi/pulumi": "^3.0.0",
+        "@pulumiverse/time": "^0.0.17",
         "aws-lambda": "^1.0.7"
     }
 }