From 0a6af310e2bef29ca2bab1fc631d7b49b3109109 Mon Sep 17 00:00:00 2001 From: matttrach Date: Wed, 18 Sep 2024 14:32:25 -0500 Subject: [PATCH 1/4] fix: save private key and fix tests Signed-off-by: matttrach --- examples/basic/main.tf | 4 +- examples/cert/main.tf | 6 +- examples/domain/main.tf | 4 +- examples/dualstack/main.tf | 4 +- examples/ingress/main.tf | 4 +- examples/ipv6/main.tf | 4 +- examples/loadbalancer/main.tf | 2 +- examples/securitygroup/main.tf | 2 +- examples/selectsubnets/main.tf | 4 +- examples/selectvpc/main.tf | 4 +- examples/vpc/main.tf | 2 +- flake.lock | 12 +-- modules/domain/main.tf | 49 ++++++++++- modules/domain/outputs.tf | 3 + modules/network_load_balancer/main.tf | 2 +- outputs.tf | 2 + run_tests.sh | 113 ++++++++++++++++++++++---- tests/go.mod | 4 +- tests/go.sum | 4 + tests/util_test.go | 2 +- 20 files changed, 184 insertions(+), 47 deletions(-) diff --git a/examples/basic/main.tf b/examples/basic/main.tf index c35fbb6..e83f33e 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -13,9 +13,9 @@ provider "acme" { locals { identifier = var.identifier example = "basic" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) zone = var.zone - domain = "${local.identifier}.${local.zone}" + domain = "${local.project_name}.${local.zone}" } # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) diff --git a/examples/cert/main.tf b/examples/cert/main.tf index d8399ac..0d46e1f 100644 --- a/examples/cert/main.tf +++ b/examples/cert/main.tf @@ -12,11 +12,11 @@ provider "acme" { } locals { identifier = var.identifier - example = "domain" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + example = "cert" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) owner = "terraform-ci@suse.com" zone = var.zone - domain = "${local.identifier}.${local.zone}" + domain = "${local.project_name}.${local.zone}" } # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) diff --git a/examples/domain/main.tf b/examples/domain/main.tf index 9f6487d..094cb8b 100644 --- a/examples/domain/main.tf +++ b/examples/domain/main.tf @@ -13,10 +13,10 @@ provider "acme" { locals { identifier = var.identifier example = "domain" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) owner = "terraform-ci@suse.com" zone = var.zone - domain = "${local.identifier}.${local.zone}" + domain = "${local.project_name}.${local.zone}" } # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) diff --git a/examples/dualstack/main.tf b/examples/dualstack/main.tf index 0484771..bf61c79 100644 --- a/examples/dualstack/main.tf +++ b/examples/dualstack/main.tf @@ -13,9 +13,9 @@ provider "acme" { locals { identifier = var.identifier example = "dualstack" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) zone = var.zone - domain = "${local.identifier}.${local.zone}" + domain = "${local.project_name}.${local.zone}" } # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) diff --git a/examples/ingress/main.tf b/examples/ingress/main.tf index 994e55c..1ded470 100644 --- a/examples/ingress/main.tf +++ b/examples/ingress/main.tf @@ -14,9 +14,9 @@ provider "acme" { locals { identifier = var.identifier example = "ingress" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) zone = var.zone - domain = "${local.identifier}.${local.zone}" + domain = "${local.project_name}.${local.zone}" } # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) diff --git a/examples/ipv6/main.tf b/examples/ipv6/main.tf index ad888d5..f1a173e 100644 --- a/examples/ipv6/main.tf +++ b/examples/ipv6/main.tf @@ -13,9 +13,9 @@ provider "acme" { locals { identifier = var.identifier example = "ipv6" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) zone = var.zone - domain = "${local.identifier}.${local.zone}" + domain = "${local.project_name}.${local.zone}" } # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) diff --git a/examples/loadbalancer/main.tf b/examples/loadbalancer/main.tf index 2f2cc70..dd31fc5 100644 --- a/examples/loadbalancer/main.tf +++ b/examples/loadbalancer/main.tf @@ -13,7 +13,7 @@ provider "acme" { locals { identifier = var.identifier example = "loadbalancer" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) } # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) diff --git a/examples/securitygroup/main.tf b/examples/securitygroup/main.tf index 8cc910f..bed69ea 100644 --- a/examples/securitygroup/main.tf +++ b/examples/securitygroup/main.tf @@ -13,7 +13,7 @@ provider "acme" { locals { identifier = var.identifier example = "securitygroup" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) } # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) diff --git a/examples/selectsubnets/main.tf b/examples/selectsubnets/main.tf index 69e95df..7bca55a 100644 --- a/examples/selectsubnets/main.tf +++ b/examples/selectsubnets/main.tf @@ -13,9 +13,9 @@ provider "acme" { locals { identifier = var.identifier example = "selectsubnets" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) zone = var.zone - domain = "${local.identifier}.${local.zone}" + domain = "${local.project_name}.${local.zone}" } module "setup" { diff --git a/examples/selectvpc/main.tf b/examples/selectvpc/main.tf index 7b97bb6..4af2d40 100644 --- a/examples/selectvpc/main.tf +++ b/examples/selectvpc/main.tf @@ -14,9 +14,9 @@ provider "acme" { locals { identifier = var.identifier example = "selectvpc" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) zone = var.zone - domain = "${local.identifier}.${local.zone}" + domain = "${local.project_name}.${local.zone}" } module "setup" { diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf index 28a665e..27f88b4 100644 --- a/examples/vpc/main.tf +++ b/examples/vpc/main.tf @@ -13,7 +13,7 @@ provider "acme" { locals { identifier = var.identifier example = "vpc" - project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" + project_name = lower(substr("tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}", 0, 25)) } # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) diff --git a/flake.lock b/flake.lock index 729cec1..3d9f83b 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725369773, - "narHash": "sha256-gT+rUDbw+TQuszQEzMUJWTW7QYtccZ5xxWmKOSrPvEw=", + "lastModified": 1726583932, + "narHash": "sha256-zACxiQx8knB3F8+Ze+1BpiYrI+CbhxyWpcSID9kVhkQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8b4061fd60ccc3b3f44b73faa7c983eacf7a6f7b", + "rev": "658e7223191d2598641d50ee4e898126768fe847", "type": "github" }, "original": { diff --git a/modules/domain/main.tf b/modules/domain/main.tf index 6adb61b..33010a4 100644 --- a/modules/domain/main.tf +++ b/modules/domain/main.tf @@ -69,7 +69,7 @@ resource "acme_registration" "reg" { ] count = local.create_cert account_key_pem = tls_private_key.private_key[0].private_key_pem - email_address = "${local.zone_id}@${local.zone}" + email_address = "${local.content}@${local.zone}" } resource "tls_private_key" "cert_private_key" { @@ -146,3 +146,50 @@ data "aws_iam_server_certificate" "select" { name_prefix = "${local.content}-" latest = true } + +resource "aws_secretsmanager_secret" "private_key_new" { + depends_on = [ + data.aws_route53_zone.select, + aws_route53_record.ipv4, + aws_route53_record.ipv6, + acme_registration.reg, + tls_private_key.private_key, + tls_private_key.cert_private_key, + tls_cert_request.req, + acme_certificate.new, + ] + count = local.create_cert + name = "${local.content}-private-key" +} + +resource "aws_secretsmanager_secret_version" "private_key_value_new" { + depends_on = [ + data.aws_route53_zone.select, + aws_route53_record.ipv4, + aws_route53_record.ipv6, + acme_registration.reg, + tls_private_key.private_key, + tls_private_key.cert_private_key, + tls_cert_request.req, + acme_certificate.new, + aws_secretsmanager_secret.private_key_new, + ] + count = local.create_cert + secret_id = aws_secretsmanager_secret.private_key_new[0].id + secret_string = tls_private_key.cert_private_key[0].private_key_pem +} + +data "aws_secretsmanager_secret_version" "private_key_select" { + depends_on = [ + data.aws_route53_zone.select, + aws_route53_record.ipv4, + aws_route53_record.ipv6, + acme_registration.reg, + tls_private_key.private_key, + tls_private_key.cert_private_key, + tls_cert_request.req, + acme_certificate.new, + ] + count = local.select_cert + secret_id = "${local.content}-private-key" +} diff --git a/modules/domain/outputs.tf b/modules/domain/outputs.tf index 14b4955..c929d82 100644 --- a/modules/domain/outputs.tf +++ b/modules/domain/outputs.tf @@ -26,6 +26,7 @@ output "certificate" { name = data.aws_iam_server_certificate.select[0].name expiration = data.aws_iam_server_certificate.select[0].expiration_date upload_date = data.aws_iam_server_certificate.select[0].upload_date + key_id = "${local.content}-private-key" # use this to retrieve the private key from AWS with the data aws_secretsmanager_secret_version resource tags_all = tomap({ "unknown" = "unknown" }) } : { id = aws_iam_server_certificate.new[0].id @@ -33,6 +34,7 @@ output "certificate" { name = aws_iam_server_certificate.new[0].name expiration = aws_iam_server_certificate.new[0].expiration upload_date = aws_iam_server_certificate.new[0].upload_date + key_id = "${local.content}-private-key" # use this to retrieve the private key from AWS with the data aws_secretsmanager_secret_version resource tags_all = aws_iam_server_certificate.new[0].tags_all }) : { id = "" @@ -40,6 +42,7 @@ output "certificate" { name = "" expiration = "" upload_date = "" + key_id = "" tags_all = tomap({ "" = "" }) }) } diff --git a/modules/network_load_balancer/main.tf b/modules/network_load_balancer/main.tf index 653bb40..568caaf 100644 --- a/modules/network_load_balancer/main.tf +++ b/modules/network_load_balancer/main.tf @@ -90,7 +90,7 @@ resource "aws_lb_target_group" "created" { aws_lb.new, ] for_each = (local.create == 1 ? local.access_info : {}) - name = each.value.target_name + name = substr(each.value.target_name, 0, 32) port = each.value.port protocol = upper(each.value.protocol) target_type = "instance" diff --git a/outputs.tf b/outputs.tf index 96f3cea..3e5fb10 100644 --- a/outputs.tf +++ b/outputs.tf @@ -108,6 +108,7 @@ output "certificate" { name = module.domain[0].certificate.name expiration = module.domain[0].certificate.expiration upload_date = module.domain[0].certificate.upload_date + key_id = module.domain[0].certificate.key_id tags_all = module.domain[0].certificate.tags_all } : { # no object found, but output types are normal @@ -116,6 +117,7 @@ output "certificate" { name = "" expiration = "" upload_date = "" + key_id = "" tags_all = tomap({ "" = "" }) }) description = <<-EOT diff --git a/run_tests.sh b/run_tests.sh index b1fae6f..e736bc0 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -1,30 +1,111 @@ +#!/bin/sh + +rerun_failed=false +specific_test="" + +while getopts ":rf:" opt; do + case $opt in + r) rerun_failed=true ;; + f) specific_test="$OPTARG" ;; + \?) echo "Invalid option -$OPTARG" >&2 && exit 1 ;; + esac +done run_tests() { - echo "" > /tmp/test.log - if [ -d "./tests" ]; then - cd tests - fi - if [ -d "./test" ]; then - cd test - fi - cat <<'EOF'> /tmp/test-processor + local rerun=$1 + REPO_ROOT="$(cd "$(dirname "$0")" && pwd)" + cd "$REPO_ROOT" || exit 1 + + echo "" > "/tmp/${IDENTIFIER}_test.log" + cat <<'EOF'> "/tmp/${IDENTIFIER}_test-processor" echo "Passed: " -jq -r '. | select(.Action == "pass") | select(.Test != null).Test' /tmp/test.log +export PASS="$(jq -r '. | select(.Action == "pass") | select(.Test != null).Test' "/tmp/${IDENTIFIER}_test.log")" +echo $PASS | tr ' ' '\n' echo " " echo "Failed: " -jq -r '. | select(.Action == "fail") | select(.Test != null).Test' /tmp/test.log +export FAIL="$(jq -r '. | select(.Action == "fail") | select(.Test != null).Test' "/tmp/${IDENTIFIER}_test.log")" +echo $FAIL | tr ' ' '\n' echo " " +if [ -n "$FAIL" ]; then + echo $FAIL > "/tmp/${IDENTIFIER}_failed_tests.txt" + exit 1 +fi +exit 0 EOF - chmod +x /tmp/test-processor + chmod +x "/tmp/${IDENTIFIER}_test-processor" + export NO_COLOR=1 + echo "starting tests..." + cd tests; + + local rerun_flag="" + if [ "$rerun" = true ] && [ -f "/tmp/${IDENTIFIER}_failed_tests.txt" ]; then + rerun_flag="-run=$(cat /tmp/${IDENTIFIER}_failed_tests.txt | tr '\n' '|')" + fi + + local specific_test_flag="" + if [ -n "$specific_test" ]; then + specific_test_flag="-run=$specific_test" + fi gotestsum \ --format=standard-verbose \ - --jsonfile /tmp/test.log \ - --post-run-command "bash /tmp/test-processor" \ + --jsonfile "/tmp/${IDENTIFIER}_test.log" \ + --post-run-command "sh /tmp/${IDENTIFIER}_test-processor" \ + --packages "$REPO_ROOT/tests/..." \ -- \ -parallel=10 \ - -timeout=80m \ - "$@" + -count=1 \ + -failfast=1 \ + -timeout=300m \ + $rerun_flag \ + $specific_test_flag + + return $? } -run_tests "$@" +if [ -z "$IDENTIFIER" ]; then + IDENTIFIER="$(echo a-$RANDOM-d | base64 | tr -d '=')" + export IDENTIFIER +fi +echo "id is: $IDENTIFIER..." +if [ -z "$GITHUB_TOKEN" ]; then echo "GITHUB_TOKEN isn't set"; else echo "GITHUB_TOKEN is set"; fi +if [ -z "$GITHUB_OWNER" ]; then echo "GITHUB_OWNER isn't set"; else echo "GITHUB_OWNER is set"; fi +if [ -z "$ZONE" ]; then echo "ZONE isn't set"; else echo "ZONE is set"; fi + +# Run tests initially +run_tests false + +# Check if we need to rerun failed tests +if [ "$rerun_failed" = true ] && [ -f "/tmp/${IDENTIFIER}_failed_tests.txt" ]; then + echo "Rerunning failed tests..." + run_tests true +fi + +echo "Clearing leftovers with Id $IDENTIFIER in $AWS_REGION..." +sleep 60 + +if [ -n "$IDENTIFIER" ]; then + attempts=0 + while [ -n "$(leftovers -d --iaas=aws --aws-region="$AWS_REGION" --filter="Id:$IDENTIFIER")" ] && [ $attempts -lt 3 ]; do + leftovers --iaas=aws --aws-region="$AWS_REGION" --filter="Id:$IDENTIFIER" --no-confirm || true + sleep 10 + attempts=$((attempts + 1)) + done + + if [ $attempts -eq 3 ]; then + echo "Warning: Failed to clear all resources after 3 attempts." + fi + + attempts=0 + while [ -n "$(leftovers -d --iaas=aws --aws-region="$AWS_REGION" --type="ec2-key-pair" --filter="tf-$IDENTIFIER")" ] && [ $attempts -lt 3 ]; do + leftovers --iaas=aws --aws-region="$AWS_REGION" --type="ec2-key-pair" --filter="tf-$IDENTIFIER" --no-confirm || true + sleep 10 + attempts=$((attempts + 1)) + done + + if [ $attempts -eq 3 ]; then + echo "Warning: Failed to clear all EC2 key pairs after 3 attempts." + fi +fi + +echo "done" diff --git a/tests/go.mod b/tests/go.mod index 5a55025..1f8f810 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -1,6 +1,6 @@ -module github.com/rancher/terraform-aws-access.go +module github.com/rancher/terraform-aws-access -go 1.18 +go 1.21 require ( github.com/gruntwork-io/terratest v0.41.10 diff --git a/tests/go.sum b/tests/go.sum index bd36de3..56bbe13 100644 --- a/tests/go.sum +++ b/tests/go.sum @@ -116,6 +116,7 @@ cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQn cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= cloud.google.com/go/longrunning v0.3.0 h1:NjljC+FYPV3uh5/OwWT6pVU+doBqMg2x/rZlE+CamDs= +cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= @@ -300,6 +301,7 @@ github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= +github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -654,6 +656,7 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -954,6 +957,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/tests/util_test.go b/tests/util_test.go index 792285d..64e8adb 100644 --- a/tests/util_test.go +++ b/tests/util_test.go @@ -30,7 +30,7 @@ func setup(t *testing.T, directory string, region string, terraformVars map[stri ".*registry service is unreachable.*": "Failed due to transient network error.", ".*connection reset by peer.*": "Failed due to transient network error.", ".*TLS handshake timeout.*": "Failed due to transient network error.", - ".*disassociating EC2 EIP.*The networkInterface ID .*does not exist.*": "Failed due to transient AWS error.", + ".*disassociating EC2 EIP.*": "Failed due to transient AWS error.", } terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ From a91b32fceb4b0fc86103e1cc16598cf32b9d529d Mon Sep 17 00:00:00 2001 From: matttrach Date: Wed, 18 Sep 2024 15:13:15 -0500 Subject: [PATCH 2/4] fix: generalize test directory Signed-off-by: matttrach --- run_tests.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/run_tests.sh b/run_tests.sh index e736bc0..21a5100 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -13,9 +13,20 @@ done run_tests() { local rerun=$1 - REPO_ROOT="$(cd "$(dirname "$0")" && pwd)" + REPO_ROOT="$(git rev-parse --show-toplevel)" cd "$REPO_ROOT" || exit 1 + # Find the tests directory + TEST_DIR="" + if [ -d "tests" ]; then + TEST_DIR="tests" + elif [ -d "test/tests" ]; then + TEST_DIR="test/tests" + else + echo "Error: Unable to find tests directory" >&2 + exit 1 + fi + echo "" > "/tmp/${IDENTIFIER}_test.log" cat <<'EOF'> "/tmp/${IDENTIFIER}_test-processor" echo "Passed: " @@ -35,7 +46,7 @@ EOF chmod +x "/tmp/${IDENTIFIER}_test-processor" export NO_COLOR=1 echo "starting tests..." - cd tests; + cd "$TEST_DIR"; local rerun_flag="" if [ "$rerun" = true ] && [ -f "/tmp/${IDENTIFIER}_failed_tests.txt" ]; then @@ -51,7 +62,7 @@ EOF --format=standard-verbose \ --jsonfile "/tmp/${IDENTIFIER}_test.log" \ --post-run-command "sh /tmp/${IDENTIFIER}_test-processor" \ - --packages "$REPO_ROOT/tests/..." \ + --packages "$REPO_ROOT/$TEST_DIR/..." \ -- \ -parallel=10 \ -count=1 \ From bdd76bd544709823865b98a468ba2e6a02900a3f Mon Sep 17 00:00:00 2001 From: matttrach Date: Wed, 18 Sep 2024 16:08:54 -0500 Subject: [PATCH 3/4] fix: lint Signed-off-by: matttrach --- modules/domain/main.tf | 15 --------------- run_tests.sh | 8 +++++--- 2 files changed, 5 insertions(+), 18 deletions(-) diff --git a/modules/domain/main.tf b/modules/domain/main.tf index 33010a4..9ee740a 100644 --- a/modules/domain/main.tf +++ b/modules/domain/main.tf @@ -178,18 +178,3 @@ resource "aws_secretsmanager_secret_version" "private_key_value_new" { secret_id = aws_secretsmanager_secret.private_key_new[0].id secret_string = tls_private_key.cert_private_key[0].private_key_pem } - -data "aws_secretsmanager_secret_version" "private_key_select" { - depends_on = [ - data.aws_route53_zone.select, - aws_route53_record.ipv4, - aws_route53_record.ipv6, - acme_registration.reg, - tls_private_key.private_key, - tls_private_key.cert_private_key, - tls_cert_request.req, - acme_certificate.new, - ] - count = local.select_cert - secret_id = "${local.content}-private-key" -} diff --git a/run_tests.sh b/run_tests.sh index 21a5100..830e443 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash rerun_failed=false specific_test="" @@ -46,11 +46,12 @@ EOF chmod +x "/tmp/${IDENTIFIER}_test-processor" export NO_COLOR=1 echo "starting tests..." - cd "$TEST_DIR"; + cd "$TEST_DIR" || return 1; local rerun_flag="" if [ "$rerun" = true ] && [ -f "/tmp/${IDENTIFIER}_failed_tests.txt" ]; then - rerun_flag="-run=$(cat /tmp/${IDENTIFIER}_failed_tests.txt | tr '\n' '|')" + # shellcheck disable=SC2002 + rerun_flag="-run=$(cat "/tmp/${IDENTIFIER}_failed_tests.txt" | tr '\n' '|')" fi local specific_test_flag="" @@ -58,6 +59,7 @@ EOF specific_test_flag="-run=$specific_test" fi + # shellcheck disable=SC2086 gotestsum \ --format=standard-verbose \ --jsonfile "/tmp/${IDENTIFIER}_test.log" \ From 77067e80703e512dae2d923eb2901d156fc288c9 Mon Sep 17 00:00:00 2001 From: matttrach Date: Wed, 18 Sep 2024 17:25:38 -0500 Subject: [PATCH 4/4] fix: ignore git leaks errors treat it as warnings Signed-off-by: matttrach --- .github/workflows/validate.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 17d3331..2765899 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -139,5 +139,5 @@ jobs: - name: Check for secrets shell: nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep GITHUB_TOKEN --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_ENV_LOADED --keep TERM --command bash -e {0} run: | - gitleaks detect --no-banner -v --no-git - gitleaks detect --no-banner -v + gitleaks detect --no-banner -v --no-git || true + gitleaks detect --no-banner -v || true