
Commit 4706c62

iruhayk99
andauthored
chore(tests): add organizational test (#31)
* chore(tests): enable benchmarks to ci/cd tests * chore(tests): 409 conflict testing aws-draios-demo * chore(tests): try aws-qa-cloudvision account * chore(tests): homogeneize backends * chore(test): run tests separately with specific env vars * chore(test): organize managed vs. member secrets * chore(test): revert backend with profile usage cannot make it work with multiple profile usage on organization :( Co-authored-by: Hayk Kocharyan <hayk.kocharyan@sysdig.com>
1 parent 926191c commit 4706c62


10 files changed

+102
-57
lines changed


.github/workflows/ci-integration-cleanup-force.yaml

Lines changed: 0 additions & 32 deletions
This file was deleted.
Lines changed: 35 additions & 7 deletions
@@ -1,23 +1,24 @@
11
name: CI - Integration Tests
22

33
on:
4+
workflow_dispatch:
45
pull_request:
56
paths:
67
- '**.tf'
8+
- '.github/workflows/**'
79
push:
810
branches:
911
- master
1012
paths:
1113
- '**.tf'
14+
- '.github/workflows/**'
1215
concurrency: terraform
16+
1317
jobs:
1418
integration_test:
1519
name: Test-Kitchen
1620
runs-on: ubuntu-latest
1721
env:
18-
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_QA_ACCESS_KEY_ID }}
19-
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_QA_SECRET_ACCESS_KEY }}
20-
AWS_REGION: ${{ secrets.AWS_REGION }}
2122
TF_VAR_sysdig_secure_endpoint: https://secure.sysdig.com
2223
TF_VAR_sysdig_secure_api_token: ${{secrets.KUBELAB_SECURE_API_TOKEN}}
2324

@@ -30,9 +31,36 @@ jobs:
3031
ruby-version: 2.7
3132
bundler-cache: true
3233

33-
- name: Run test
34-
run: bundle exec kitchen test
34+
- name: Run single-account test
35+
env:
36+
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_QA_CLOUDNATIVE_ACCESS_KEY_ID }}
37+
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_QA_CLOUDNATIVE_SECRET_ACCESS_KEY }}
38+
AWS_REGION: ${{ secrets.AWS_REGION }}
39+
run: bundle exec kitchen test single-account
40+
41+
- name: Destroy single-account resources
42+
env:
43+
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_QA_CLOUDNATIVE_ACCESS_KEY_ID }}
44+
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_QA_CLOUDNATIVE_SECRET_ACCESS_KEY }}
45+
AWS_REGION: ${{ secrets.AWS_REGION }}
46+
if: ${{ failure() }}
47+
run: bundle exec kitchen destroy single-account
48+
49+
50+
51+
- name: Run organizational test
52+
env:
53+
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_QA_MANAGED_ACCESS_KEY_ID }}
54+
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_QA_MANAGED_SECRET_ACCESS_KEY }}
55+
AWS_REGION: ${{ secrets.AWS_REGION }}
56+
TF_VAR_sysdig_secure_for_cloud_member_account_id: ${{ secrets.AWS_QA_CLOUDNATIVE_ACCOUNT_ID }}
57+
run: bundle exec kitchen test organizational
3558

36-
- name: Destroy resources
59+
- name: Destroy organizational resources
60+
env:
61+
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_QA_MANAGED_ACCESS_KEY_ID }}
62+
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_QA_MANAGED_SECRET_ACCESS_KEY }}
63+
AWS_REGION: ${{ secrets.AWS_REGION }}
64+
TF_VAR_sysdig_secure_for_cloud_member_account_id: ${{ secrets.AWS_QA_CLOUDNATIVE_ACCOUNT_ID }}
3765
if: ${{ failure() }}
38-
run: bundle exec kitchen destroy
66+
run: bundle exec kitchen destroy organizational
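Review bot: The steps in this hunk pass long-lived AWS access keys, including the `AWS_QA_MANAGED_*` pair for what is presumably the organization's management account, to a job that `pull_request` now also triggers for edits under `.github/workflows/**`, so a branch in this repository can change what runs with those keys before any review. Scoping the keys per step instead of per job is a good move; the missing piece is a gate, such as an `environment:` with required reviewers on `integration_test`, or short-lived credentials obtained through OIDC role assumption in place of the stored keys. Separately, both destroy steps use `if: ${{ failure() }}`, which is skipped when a run is cancelled, and this commit deletes the force-cleanup workflow; `if: ${{ failure() || cancelled() }}` would cover that case.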

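--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -1,27 +1,19 @@
 ---
 driver:
 name: terraform
-root_module_directory: test/fixtures/single-account
-# ################
-# Uncomment the following two lines if you are deploying /test/fixture/single-account/main.tf
-# using custom tfvars file
-# variable_files:
-# - test/fixtures/single-account/test.tfvars
-# ################
+root_module_directory: test/fixtures
 parallelism: 4
 
 provisioner:
 name: terraform
 
-verifier:
-name: "awspec"
-
 platforms:
 - name: "aws"
 
 suites:
-- name: kt_suite
-verifier:
-name: "awspec"
-patterns:
-- "test/integration/kt_suite/single-account.rb"
+- name: single-account
+driver:
+root_module_directory: test/fixtures/single-account
+- name: organizational
+driver:
+root_module_directory: test/fixtures/organizational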
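Review bot: Neither new suite declares a `verifier`, and the top-level `verifier: name: "awspec"` is removed as well, so as far as this file shows `kitchen test` only proves that apply and destroy complete and asserts nothing about the deployed resources. If that is intentional for now, a comment on `suites:` saying so would help; otherwise keep a per-suite `verifier:` with its own `patterns:` entry, as `kt_suite` had with `test/integration/kt_suite/single-account.rb`. The driver-level `root_module_directory: test/fixtures` is overridden by both suites and could be dropped.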

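--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -27,6 +27,7 @@ repos:
 args:
 - '--args=--sort-by required'
 - id: terraform_tflint
+exclude: test\/.*$
 args:
 - '--args=--only=terraform_deprecated_interpolation'
 - '--args=--only=terraform_deprecated_index'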
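Review bot: The added `exclude: test\/.*$` is not anchored at the start, and pre-commit applies `exclude` as a regex search over the repo-relative path, so it removes any file whose path merely contains `test/` from `terraform_tflint`, not only the top-level `test/` tree. `exclude: ^test/` states what the commit appears to intend and needs no escaped slash. The `repos:` list this hook belongs to starts outside the hunk.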
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
# Terraform state storage backend
2+
terraform {
3+
backend "s3" {
4+
bucket = "secure-cloud-terraform-tests-org" # need to append '-org' to avoid conflict
5+
key = "aws-organizational/terraform.tfstate"
6+
dynamodb_table = "secure-cloud-terraform-tests"
7+
region = "eu-west-3"
8+
}
9+
}
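Review bot: The new `backend "s3"` block does not set `encrypt = true`, and the state written here will likely hold `sysdig_secure_api_token` in plain text wherever a resource consumes it, since marking a variable `sensitive` only hides it from CLI output. Unless the bucket already enforces default encryption, which the page does not show, add `encrypt = true` below `region`. The same applies to the single-account backend changed at the end of this commit, which now points at `secure-cloud-terraform-tests`.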

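--- a/test/fixtures/organizational/main.tf
+++ b/test/fixtures/organizational/main.tf
@@ -0,0 +1,9 @@
+module "cloudvision_aws_single_account" {
+source = "../../../examples/organizational"
+name = var.name
+region = var.region
+
+sysdig_secure_api_token = var.sysdig_secure_api_token
+sysdig_secure_endpoint = var.sysdig_secure_endpoint
+sysdig_secure_for_cloud_member_account_id = var.sysdig_secure_for_cloud_member_account_id
+}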
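Review bot: The module label `cloudvision_aws_single_account` looks copied from the single-account fixture, while `source` points at `../../../examples/organizational`, so every state address and plan line for this fixture will read `module.cloudvision_aws_single_account`. Since the file is new, renaming it now costs nothing: `module "cloudvision_aws_organizational" {`.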

test/fixtures/organizational/outputs.tf

Whitespace-only changes.
Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,30 @@
1+
variable "sysdig_secure_api_token" {
2+
type = string
3+
sensitive = true
4+
description = "Sysdig secure api token"
5+
}
6+
variable "sysdig_secure_for_cloud_member_account_id" {
7+
type = string
8+
description = "organizational member account where the secure-for-cloud workload is going to be deployed"
9+
}
10+
11+
12+
13+
14+
variable "name" {
15+
type = string
16+
description = "Name is the prefix used in the resources will be created"
17+
default = "sfc-tests-kitchen"
18+
}
19+
20+
variable "region" {
21+
type = string
22+
description = "Region to be deployed"
23+
default = "eu-west-3"
24+
}
25+
26+
variable "sysdig_secure_endpoint" {
27+
type = string
28+
description = "Sysdig secure endpoint"
29+
default = "https://secure.sysdig.com"
30+
}
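Review bot: `sysdig_secure_for_cloud_member_account_id` accepts any string, and the workflow fills it from a secret, which expands to an empty string when the secret is not defined, so a misconfigured run would reach apply with an empty account id. A `validation` block on the variable fails the plan early instead. The other variables in this file can stay as they are.

```hcl
variable "sysdig_secure_for_cloud_member_account_id" {
  # … unchanged: type, description …
  validation {
    condition     = can(regex("^[0-9]{12}$", var.sysdig_secure_for_cloud_member_account_id))
    error_message = "The member account id must be a 12-digit AWS account id."
  }
}
```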
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
terraform {
2+
required_version = ">= 0.15.0"
3+
required_providers {
4+
aws = {
5+
version = ">= 3.50.0"
6+
}
7+
}
8+
}
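Review bot: `required_providers` constrains `aws` by version only; without `source = "hashicorp/aws"` Terraform falls back to the implicit default namespace, which works but leaves the provider's origin unstated. Adding `source = "hashicorp/aws"` next to `version = ">= 3.50.0"` makes it explicit. For a CI fixture an upper bound such as `version = "~> 3.50"` would also keep runs from silently picking up a new major release.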
Lines changed: 3 additions & 3 deletions
@@ -1,9 +1,9 @@
11
# Terraform state storage backend
22
terraform {
33
backend "s3" {
4-
bucket = "terraform-cicd-tests"
5-
key = "single-account/terraform.tfstate"
6-
dynamodb_table = "terraform-cicd-test"
4+
bucket = "secure-cloud-terraform-tests"
5+
key = "aws-single-account/terraform.tfstate"
6+
dynamodb_table = "secure-cloud-terraform-tests"
77
region = "eu-west-3"
88
}
99
}
