feat: run integration tests on CI

Author: maxday

.github/workflows/run-integration-test.yml

@@ -0,0 +1,62 @@
+name: Run integration tests
+
+permissions:
+  id-token: write
+  contents: read
+
+on:
+  workflow_dispatch:
+  push:
+
+jobs:
+  run-integration-tests:
+    runs-on: ubuntu-latest
+    steps:
+        - name: install Cargo Lambda
+          uses: jaxxstorm/action-install-gh-release@v1.9.0
+          with:
+            repo: cargo-lambda/cargo-lambda
+            platform: linux
+            arch: x86_64
+        - name: install Zig toolchain
+          uses: korandoru/setup-zig@v1
+          with:
+            zig-version: 0.10.0
+        - name: install SAM
+          uses: aws-actions/setup-sam@v2
+          with:
+            use-installer: true
+        - uses: actions/checkout@v3
+        - name: configure aws credentials
+          uses: aws-actions/configure-aws-credentials@v4.0.2
+          with:
+            role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+            role-session-name: ${{ secrets.ROLE_SESSION_NAME }}
+            aws-region: ${{ secrets.AWS_REGION }}
+        - name: build  stack
+          run: cd lambda-integration-tests-ci && sam build --beta-features
+        - name: validate stack
+          run: cd lambda-integration-tests-ci && sam validate --lint
+        - name: deploy stack
+          id: deploy_stack
+          env:
+            AWS_REGION: ${{ secrets.AWS_REGION }}
+          run: |
+            cd lambda-integration-tests-ci
+            stackName="aws-lambda-rust-integ-test-$GITHUB_RUN_ID"
+            echo "STACK_NAME=$stackName" >> "$GITHUB_OUTPUT"
+            echo "Stack name = $stackName"
+            sam deploy --stack-name "${stackName}" --parameter-overrides "ParameterKey=SecretToken,ParameterValue=${{ secrets.SECRET_TOKEN }}" --no-confirm-changeset  --no-progressbar  > disable_output
+            TEST_ENDPOINT=$(sam list stack-outputs --stack-name "${stackName}" --output json | jq -r '.[] | .OutputValue')
+            echo "TEST_ENDPOINT=$TEST_ENDPOINT" >> "$GITHUB_OUTPUT"
+        - name: run test
+          env:
+            SECRET_TOKEN: ${{ secrets.SECRET_TOKEN }}
+            TEST_ENDPOINT: ${{ steps.deploy_stack.outputs.TEST_ENDPOINT }}
+          run: cd lambda-integration-tests-ci && cargo test
+        - name: cleanup
+          if: always()
+          env:
+            AWS_REGION: ${{ secrets.AWS_REGION }}
+            STACK_NAME: ${{ steps.deploy_stack.outputs.STACK_NAME }}
+          run: sam delete --stack-name "${STACK_NAME}" --no-prompts

Cargo.toml

@@ -3,6 +3,7 @@ resolver = "2"
 members = [
     "lambda-http",
     "lambda-integration-tests",
+    "lambda-integration-tests-ci",
     "lambda-runtime-api-client",
     "lambda-runtime",
     "lambda-extension",

lambda-integration-tests-ci/Cargo.toml

@@ -0,0 +1,31 @@
+[package]
+name = "aws_lambda_rust_integration_tests"
+version = "0.1.0"
+authors = ["Maxime David"]
+edition = "2021"
+description = "AWS Lambda Runtime integration tests"
+license = "Apache-2.0"
+repository = "https://github.com/awslabs/aws-lambda-rust-runtime"
+categories = ["web-programming::http-server"]
+keywords = ["AWS", "Lambda", "API"]
+readme = "../README.md"
+
+[dependencies]
+lambda_runtime = { path = "../lambda-runtime" }
+aws_lambda_events = { path = "../lambda-events" }
+serde_json = "1.0.121"
+tokio = { version = "1", features = ["full"] }
+tracing-subscriber = { version = "0.3", default-features = false, features = ["json"] }
+serde = { version = "1.0.204", features = ["derive"] }
+
+[dev-dependencies]
+reqwest = { version = "0.12.5", features = ["blocking"] }
+openssl = { version = "0.10", features = ["vendored"] }
+
+[[bin]]
+name = "helloworld"
+path = "src/helloworld.rs"
+
+[[bin]]
+name = "authorizer"
+path = "src/authorizer.rs"

lambda-integration-tests-ci/samconfig.toml

@@ -0,0 +1,27 @@
+version = 0.1
+
+[default]
+[default.build.parameters]
+cached = true
+parallel = true
+
+[default.validate.parameters]
+lint = true
+
+[default.deploy.parameters]
+capabilities = "CAPABILITY_IAM"
+confirm_changeset = true
+resolve_s3 = true
+s3_prefix = "aws-lambda-rust-integration-test"
+
+[default.package.parameters]
+resolve_s3 = true
+
+[default.sync.parameters]
+watch = true
+
+[default.local_start_api.parameters]
+warm_containers = "EAGER"
+
+[default.local_start_lambda.parameters]
+warm_containers = "EAGER"

lambda-integration-tests-ci/src/authorizer.rs

@@ -0,0 +1,61 @@
+use std::env;
+
+use aws_lambda_events::{
+    apigw::{ApiGatewayCustomAuthorizerPolicy, ApiGatewayCustomAuthorizerResponse},
+    event::iam::IamPolicyStatement,
+};
+use lambda_runtime::{service_fn, Error, LambdaEvent};
+use serde::Deserialize;
+use serde_json::json;
+use tracing_subscriber::EnvFilter;
+
+#[derive(Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct APIGatewayCustomAuthorizerRequest {
+    authorization_token: String,
+    method_arn: String,
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Error> {
+    tracing_subscriber::fmt()
+        .json()
+        .with_env_filter(EnvFilter::from_default_env())
+        .with_target(false)
+        .with_current_span(false)
+        .with_span_list(false)
+        .without_time()
+        .init();
+    let func = service_fn(func);
+    lambda_runtime::run(func).await?;
+    Ok(())
+}
+
+async fn func(
+    event: LambdaEvent<APIGatewayCustomAuthorizerRequest>,
+) -> Result<ApiGatewayCustomAuthorizerResponse, Error> {
+    let expected_token = env::var("SECRET_TOKEN").expect("could not read the secret token");
+    if event.payload.authorization_token == expected_token {
+        return Ok(allow(&event.payload.method_arn));
+    }
+    panic!("token is not valid");
+}
+
+fn allow(method_arn: &str) -> ApiGatewayCustomAuthorizerResponse {
+    let stmt = IamPolicyStatement {
+        action: vec!["execute-api:Invoke".to_string()],
+        resource: vec![method_arn.to_owned()],
+        effect: aws_lambda_events::iam::IamPolicyEffect::Allow,
+        condition: None,
+    };
+    let policy = ApiGatewayCustomAuthorizerPolicy {
+        version: Some("2012-10-17".to_string()),
+        statement: vec![stmt],
+    };
+    ApiGatewayCustomAuthorizerResponse {
+        principal_id: Some("user".to_owned()),
+        policy_document: policy,
+        context: json!({ "hello": "world" }),
+        usage_identifier_key: None,
+    }
+}

lambda-integration-tests-ci/src/helloworld.rs

@@ -0,0 +1,34 @@
+use aws_lambda_events::{
+    apigw::{ApiGatewayProxyRequest, ApiGatewayProxyResponse},
+    http::HeaderMap,
+};
+use lambda_runtime::{service_fn, Error, LambdaEvent};
+use tracing_subscriber::EnvFilter;
+
+#[tokio::main]
+async fn main() -> Result<(), Error> {
+    tracing_subscriber::fmt()
+        .json()
+        .with_env_filter(EnvFilter::from_default_env())
+        .with_target(false)
+        .with_current_span(false)
+        .with_span_list(false)
+        .without_time()
+        .init();
+    let func = service_fn(func);
+    lambda_runtime::run(func).await?;
+    Ok(())
+}
+
+async fn func(_event: LambdaEvent<ApiGatewayProxyRequest>) -> Result<ApiGatewayProxyResponse, Error> {
+    let mut headers = HeaderMap::new();
+    headers.insert("content-type", "text/html".parse().unwrap());
+    let resp = ApiGatewayProxyResponse {
+        status_code: 200,
+        multi_value_headers: headers.clone(),
+        is_base64_encoded: false,
+        body: Some("Hello world!".into()),
+        headers,
+    };
+    Ok(resp)
+}

lambda-integration-tests-ci/template.yaml

@@ -0,0 +1,58 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Transform: AWS::Serverless-2016-10-31
+Description: maxday-test
+
+Parameters:
+  SecretToken:
+    Type: String
+
+Globals:
+  Function:
+    Timeout: 3
+
+Resources:
+  API:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: integ-test
+      Auth:
+        DefaultAuthorizer: MyLambdaAuthorizer
+        Authorizers:
+          MyLambdaAuthorizer:
+            FunctionArn: !GetAtt AuthorizerFunction.Arn
+  HelloWorldFunction:
+    Type: AWS::Serverless::Function
+    Metadata:
+      BuildMethod: rust-cargolambda
+      BuildProperties:
+        Binary: helloworld
+    Properties:
+      CodeUri: ./
+      Handler: bootstrap
+      Runtime: provided.al2023
+      Events:
+        HelloWorld:
+          Type: Api
+          Properties:
+            RestApiId: !Ref API
+            Path: /hello
+            Method: get
+
+  AuthorizerFunction:
+    Type: AWS::Serverless::Function
+    Metadata:
+      BuildMethod: rust-cargolambda
+      BuildProperties:
+        Binary: authorizer
+    Properties:
+      CodeUri: ./
+      Handler: bootstrap
+      Runtime: provided.al2023
+      Environment:
+        Variables:
+          SECRET_TOKEN: !Ref SecretToken
+
+Outputs:
+  HelloApiEndpoint:
+    Description: "API Gateway endpoint URL for HelloWorld"
+    Value: !Sub "https://${API}.execute-api.${AWS::Region}.amazonaws.com/integ-test/hello/"

lambda-integration-tests-ci/tests/integration_test.rs

@@ -0,0 +1,12 @@
+#[test]
+fn test_calling_lambda_should_return_200() {
+    let test_endpoint = std::env::var("TEST_ENDPOINT").expect("could not read TEST_ENDPOINT");
+    let secret_token = std::env::var("SECRET_TOKEN").expect("could not read SECRET_TOKEN");
+    let client = reqwest::blocking::Client::new();
+    let res = client
+        .get(test_endpoint)
+        .header("Authorization", secret_token)
+        .send()
+        .expect("could not the request");
+    assert_eq!(res.status(), 200);
+}