add terraform support

Signed-off-by: addjuarez <6789375+addjuarez@users.noreply.github.com>
2022-12-12 21:34:03 +00:00 · 2022-12-12 21:34:03 +00:00 · e24ee7d915
parent a4b27ae49b
commit e24ee7d915
4 changed files with 203 additions and 10 deletions
--- a/.github/infrastructure/terraform/conformance/pubsub/aws/snssqs/snssqs.tf
+++ b/.github/infrastructure/terraform/conformance/pubsub/aws/snssqs/snssqs.tf
@ -0,0 +1,99 @@
+variable "UUID" {
+    type        = string
+    description = "This is an example input variable using env variables."
+}
+
+resource "aws_sns_topic" "testTopic" {
+  name = "testTopic"
+  tags = {
+    dapr-topic-name = "testTopic"
+  }
+}
+
+resource "aws_sns_topic" "multiTopic1" {
+  name = "multiTopic1"
+  tags = {
+    dapr-topic-name = "multiTopic1"
+  }
+}
+
+resource "aws_sns_topic" "multiTopic2" {
+  name = "multiTopic2"
+  tags = {
+    dapr-topic-name = "multiTopic2"
+  }
+}
+
+resource "aws_sqs_queue" "testQueue" {
+  name = "testQueue"
+  tags = {
+    dapr-queue-name = "testQueue"
+  }
+}
+
+resource "aws_sns_topic_subscription" "multiTopic1_testQueue" {
+  topic_arn = aws_sns_topic.multiTopic1.arn
+  protocol  = "sqs"
+  endpoint  = aws_sqs_queue.testQueue.arn
+}
+
+resource "aws_sns_topic_subscription" "multiTopic2_testQueue" {
+  topic_arn = aws_sns_topic.multiTopic2.arn
+  protocol  = "sqs"
+  endpoint  = aws_sqs_queue.testQueue.arn
+}
+
+resource "aws_sns_topic_subscription" "testTopic_testQueue" {
+  topic_arn = aws_sns_topic.testTopic.arn
+  protocol  = "sqs"
+  endpoint  = aws_sqs_queue.testQueue.arn
+}
+
+resource "aws_sqs_queue_policy" "testQueue_policy" {
+    queue_url = "${aws_sqs_queue.testQueue.id}"
+
+    policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Id": "sqspolicy",
+  "Statement": [
+    {
+      "Sid": "First",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "sqs:SendMessage",
+      "Resource": "${aws_sqs_queue.testQueue.arn}",
+      "Condition": {
+        "ArnEquals": {
+          "aws:SourceArn": "${aws_sns_topic.testTopic.arn}"
+        }
+      }
+    }, 
+    {
+      "Sid": "First",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "sqs:SendMessage",
+      "Resource": "${aws_sqs_queue.testQueue.arn}",
+      "Condition": {
+        "ArnEquals": {
+          "aws:SourceArn": "${aws_sns_topic.multiTopic1.arn}"
+        }
+      }
+    },
+    {
+      "Sid": "First",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "sqs:SendMessage",
+      "Resource": "${aws_sqs_queue.testQueue.arn}",
+      "Condition": {
+        "ArnEquals": {
+          "aws:SourceArn": "${aws_sns_topic.multiTopic2.arn}"
+        }
+      }
+    }
+  ]
+}
+POLICY
+}
--- a/.github/workflows/certification.yml
+++ b/.github/workflows/certification.yml
@ -151,6 +151,8 @@ jobs:
      run:
        shell: bash
    needs: generate-matrix
+    env:
+      UUID: ${{github.run_id}}

    strategy:
      fail-fast: false # Keep running even if one component fails
@ -223,6 +225,43 @@ jobs:
          echo "$CERT_NAME=$CERT_FILE" >> $GITHUB_ENV
        done

+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      if: matrix.terraform-dir != ''
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET }}
+        aws-region: us-west-2
+
+    - name: Terraform Init
+      id: init
+      run: |
+          rm -rf .terraform
+          terraform init
+      working-directory: "./.github/infrastructure/terraform/certification/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+      
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate -no-color
+      working-directory: "./.github/infrastructure/terraform/certification/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
+    - name: Terraform Plan
+      id: plan
+      run: terraform plan -no-color -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/certification/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
+    - name: Terraform Apply     
+      run: terraform apply -auto-approve -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/certification/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+      continue-on-error: true
+
    - name: Set up Go
      uses: actions/setup-go@v3
      with:
@ -245,6 +284,9 @@ jobs:
    - name: Run tests
      continue-on-error: false
      working-directory: ${{ env.TEST_PATH }}
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET }}  
      run: |
        echo "Running certification tests for ${{ matrix.component }} ... "
        export GOLANG_PROTOBUF_REGISTRATION_CONFLICT=ignore
@ -336,6 +378,12 @@ jobs:
        name: ${{ matrix.component }}_certification_test
        path: ${{ env.TEST_OUTPUT_FILE_PREFIX }}_certification.*

+    - name: Terraform Destroy
+      continue-on-error: true    
+      run: terraform destroy -auto-approve -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/certification/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
  post_job:
    name: Post-completion
    runs-on: ubuntu-latest
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@ -147,6 +147,8 @@ jobs:
          required-secrets: AzureKeyVaultName,AzureKeyVaultSecretStoreTenantId,AzureKeyVaultSecretStoreServicePrincipalClientId,AzureKeyVaultSecretStoreServicePrincipalClientSecret
        - component: bindings.azure.cosmosdb
          required-secrets: AzureCosmosDBMasterKey,AzureCosmosDBUrl,AzureCosmosDB,AzureCosmosDBCollection
+        - component: pubsub.aws.snssqs
+          terraform-dir: pubsub/aws/snssqs
        EOF
        )
        echo "::set-output name=cron-components::$CRON_COMPONENTS"
@ -176,6 +178,8 @@ jobs:
      run:
        shell: bash
    needs: generate-matrix
+    env:
+      UUID: ${{github.run_id}}

    strategy:
      fail-fast: false # Keep running even if one component fails
@ -254,6 +258,43 @@ jobs:
          echo "$CERT_NAME=$CERT_FILE" >> $GITHUB_ENV
        done

+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      if: matrix.terraform-dir != ''
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET }}
+        aws-region: us-west-2
+
+    - name: Terraform Init
+      id: init
+      run: |
+          rm -rf .terraform
+          terraform init
+      working-directory: "./.github/infrastructure/terraform/conformance/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+      
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate -no-color
+      working-directory: "./.github/infrastructure/terraform/conformance/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
+    - name: Terraform Plan
+      id: plan
+      run: terraform plan -no-color -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/conformance/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
+    - name: Terraform Apply     
+      run: terraform apply -auto-approve -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/conformance/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+      continue-on-error: true
+
    - name: Start Redis
      run: docker-compose -f ./.github/infrastructure/docker-compose-redisjson.yml -p redis up -d
      if: contains(matrix.component, 'redis')
@ -313,10 +354,6 @@ jobs:
      run: docker-compose -f ./.github/infrastructure/docker-compose-rabbitmq.yml -p rabbitmq up -d
      if: contains(matrix.component, 'rabbitmq')

-    - name: Start aws snssqs
-      run: docker-compose -f ./.github/infrastructure/docker-compose-snssqs.yml -p snssqs up -d
-      if: contains(matrix.component, 'aws.snssqs')
-
    - name: Start influxdb
      run: |
        export INFLUX_TOKEN=$(openssl rand -base64 32)
@ -392,6 +429,9 @@ jobs:

    - name: Run tests
      continue-on-error: true
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET }}  
      run: |
        set -e 
        KIND=$(echo ${{ matrix.component }} | cut -d. -f1)
@ -457,6 +497,12 @@ jobs:
          rm $CERT_FILE
        done

+    - name: Terraform Destroy
+      continue-on-error: true    
+      run: terraform destroy -auto-approve -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/conformance/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
    - name: Check conformance test passed
      continue-on-error: false
      run: |
--- a/tests/config/pubsub/aws/snssqs/pubsub.yml
+++ b/tests/config/pubsub/aws/snssqs/pubsub.yml
@ -7,14 +7,12 @@ spec:
  type: pubsub.aws.snssqs
  version: v1
  metadata:
-    - name: endpoint
-      value: "http://localhost:4566"
    - name: accessKey
-      value: "my-access"
+      value: ${{AWS_ACCESS_KEY_ID}}
    - name: secretKey
-      value: "my-secret"
+      value: ${{AWS_SECRET_ACCESS_KEY}}
    - name: region
-      value: "us-east-1"
+      value: "us-west-2"
    - name: consumerID
      value: "testQueue"
    - name: messageVisibilityTimeout
@ -26,4 +24,6 @@ spec:
    - name: messageMaxNumber
      value: 10
    - name: concurrencyMode
-      value: "single"
+      value: "single"
+    - name: disableEntityManagement # Optional
+      value: "true"