From e24ee7d9154be9098bb48fe9e00f4bd433881445 Mon Sep 17 00:00:00 2001
From: addjuarez <6789375+addjuarez@users.noreply.github.com>
Date: Mon, 12 Dec 2022 21:34:03 +0000
Subject: [PATCH] add terraform support

Signed-off-by: addjuarez <6789375+addjuarez@users.noreply.github.com>
---
 .../conformance/pubsub/aws/snssqs/snssqs.tf   | 99 +++++++++++++++++++
 .github/workflows/certification.yml           | 48 +++++++++
 .github/workflows/conformance.yml             | 54 +++++++++-
 tests/config/pubsub/aws/snssqs/pubsub.yml     | 12 +--
 4 files changed, 203 insertions(+), 10 deletions(-)
 create mode 100644 .github/infrastructure/terraform/conformance/pubsub/aws/snssqs/snssqs.tf

diff --git a/.github/infrastructure/terraform/conformance/pubsub/aws/snssqs/snssqs.tf b/.github/infrastructure/terraform/conformance/pubsub/aws/snssqs/snssqs.tf
new file mode 100644
index 000000000..7b6d8ec90
--- /dev/null
+++ b/.github/infrastructure/terraform/conformance/pubsub/aws/snssqs/snssqs.tf
@@ -0,0 +1,99 @@
+variable "UUID" {
+    type        = string
+    description = "This is an example input variable using env variables."
+}
+
+resource "aws_sns_topic" "testTopic" {
+  name = "testTopic"
+  tags = {
+    dapr-topic-name = "testTopic"
+  }
+}
+
+resource "aws_sns_topic" "multiTopic1" {
+  name = "multiTopic1"
+  tags = {
+    dapr-topic-name = "multiTopic1"
+  }
+}
+
+resource "aws_sns_topic" "multiTopic2" {
+  name = "multiTopic2"
+  tags = {
+    dapr-topic-name = "multiTopic2"
+  }
+}
+
+resource "aws_sqs_queue" "testQueue" {
+  name = "testQueue"
+  tags = {
+    dapr-queue-name = "testQueue"
+  }
+}
+
+resource "aws_sns_topic_subscription" "multiTopic1_testQueue" {
+  topic_arn = aws_sns_topic.multiTopic1.arn
+  protocol  = "sqs"
+  endpoint  = aws_sqs_queue.testQueue.arn
+}
+
+resource "aws_sns_topic_subscription" "multiTopic2_testQueue" {
+  topic_arn = aws_sns_topic.multiTopic2.arn
+  protocol  = "sqs"
+  endpoint  = aws_sqs_queue.testQueue.arn
+}
+
+resource "aws_sns_topic_subscription" "testTopic_testQueue" {
+  topic_arn = aws_sns_topic.testTopic.arn
+  protocol  = "sqs"
+  endpoint  = aws_sqs_queue.testQueue.arn
+}
+
+resource "aws_sqs_queue_policy" "testQueue_policy" {
+    queue_url = "${aws_sqs_queue.testQueue.id}"
+
+    policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Id": "sqspolicy",
+  "Statement": [
+    {
+      "Sid": "First",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "sqs:SendMessage",
+      "Resource": "${aws_sqs_queue.testQueue.arn}",
+      "Condition": {
+        "ArnEquals": {
+          "aws:SourceArn": "${aws_sns_topic.testTopic.arn}"
+        }
+      }
+    }, 
+    {
+      "Sid": "First",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "sqs:SendMessage",
+      "Resource": "${aws_sqs_queue.testQueue.arn}",
+      "Condition": {
+        "ArnEquals": {
+          "aws:SourceArn": "${aws_sns_topic.multiTopic1.arn}"
+        }
+      }
+    },
+    {
+      "Sid": "First",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "sqs:SendMessage",
+      "Resource": "${aws_sqs_queue.testQueue.arn}",
+      "Condition": {
+        "ArnEquals": {
+          "aws:SourceArn": "${aws_sns_topic.multiTopic2.arn}"
+        }
+      }
+    }
+  ]
+}
+POLICY
+}
diff --git a/.github/workflows/certification.yml b/.github/workflows/certification.yml
index 1265cb398..25454a1b8 100644
--- a/.github/workflows/certification.yml
+++ b/.github/workflows/certification.yml
@@ -151,6 +151,8 @@ jobs:
       run:
         shell: bash
     needs: generate-matrix
+    env:
+      UUID: ${{github.run_id}}
 
     strategy:
       fail-fast: false # Keep running even if one component fails
@@ -223,6 +225,43 @@ jobs:
           echo "$CERT_NAME=$CERT_FILE" >> $GITHUB_ENV
         done
 
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      if: matrix.terraform-dir != ''
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET }}
+        aws-region: us-west-2
+
+    - name: Terraform Init
+      id: init
+      run: |
+          rm -rf .terraform
+          terraform init
+      working-directory: "./.github/infrastructure/terraform/certification/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+      
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate -no-color
+      working-directory: "./.github/infrastructure/terraform/certification/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
+    - name: Terraform Plan
+      id: plan
+      run: terraform plan -no-color -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/certification/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
+    - name: Terraform Apply     
+      run: terraform apply -auto-approve -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/certification/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+      continue-on-error: true
+
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
@@ -245,6 +284,9 @@ jobs:
     - name: Run tests
       continue-on-error: false
       working-directory: ${{ env.TEST_PATH }}
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET }}  
       run: |
         echo "Running certification tests for ${{ matrix.component }} ... "
         export GOLANG_PROTOBUF_REGISTRATION_CONFLICT=ignore
@@ -336,6 +378,12 @@ jobs:
         name: ${{ matrix.component }}_certification_test
         path: ${{ env.TEST_OUTPUT_FILE_PREFIX }}_certification.*
 
+    - name: Terraform Destroy
+      continue-on-error: true    
+      run: terraform destroy -auto-approve -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/certification/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
   post_job:
     name: Post-completion
     runs-on: ubuntu-latest
diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
index 7a898acbb..0d1abd29b 100644
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@@ -147,6 +147,8 @@ jobs:
           required-secrets: AzureKeyVaultName,AzureKeyVaultSecretStoreTenantId,AzureKeyVaultSecretStoreServicePrincipalClientId,AzureKeyVaultSecretStoreServicePrincipalClientSecret
         - component: bindings.azure.cosmosdb
           required-secrets: AzureCosmosDBMasterKey,AzureCosmosDBUrl,AzureCosmosDB,AzureCosmosDBCollection
+        - component: pubsub.aws.snssqs
+          terraform-dir: pubsub/aws/snssqs
         EOF
         )
         echo "::set-output name=cron-components::$CRON_COMPONENTS"
@@ -176,6 +178,8 @@ jobs:
       run:
         shell: bash
     needs: generate-matrix
+    env:
+      UUID: ${{github.run_id}}
 
     strategy:
       fail-fast: false # Keep running even if one component fails
@@ -254,6 +258,43 @@ jobs:
           echo "$CERT_NAME=$CERT_FILE" >> $GITHUB_ENV
         done
 
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      if: matrix.terraform-dir != ''
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET }}
+        aws-region: us-west-2
+
+    - name: Terraform Init
+      id: init
+      run: |
+          rm -rf .terraform
+          terraform init
+      working-directory: "./.github/infrastructure/terraform/conformance/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+      
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate -no-color
+      working-directory: "./.github/infrastructure/terraform/conformance/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
+    - name: Terraform Plan
+      id: plan
+      run: terraform plan -no-color -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/conformance/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
+    - name: Terraform Apply     
+      run: terraform apply -auto-approve -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/conformance/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+      continue-on-error: true
+
     - name: Start Redis
       run: docker-compose -f ./.github/infrastructure/docker-compose-redisjson.yml -p redis up -d
       if: contains(matrix.component, 'redis')
@@ -313,10 +354,6 @@ jobs:
       run: docker-compose -f ./.github/infrastructure/docker-compose-rabbitmq.yml -p rabbitmq up -d
       if: contains(matrix.component, 'rabbitmq')
 
-    - name: Start aws snssqs
-      run: docker-compose -f ./.github/infrastructure/docker-compose-snssqs.yml -p snssqs up -d
-      if: contains(matrix.component, 'aws.snssqs')
-
     - name: Start influxdb
       run: |
         export INFLUX_TOKEN=$(openssl rand -base64 32)
@@ -392,6 +429,9 @@ jobs:
 
     - name: Run tests
       continue-on-error: true
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET }}  
       run: |
         set -e 
         KIND=$(echo ${{ matrix.component }} | cut -d. -f1)
@@ -457,6 +497,12 @@ jobs:
           rm $CERT_FILE
         done
 
+    - name: Terraform Destroy
+      continue-on-error: true    
+      run: terraform destroy -auto-approve -var="UUID=${{github.run_id}}"
+      working-directory: "./.github/infrastructure/terraform/conformance/${{ matrix.terraform-dir }}"
+      if: matrix.terraform-dir != ''
+
     - name: Check conformance test passed
       continue-on-error: false
       run: |
diff --git a/tests/config/pubsub/aws/snssqs/pubsub.yml b/tests/config/pubsub/aws/snssqs/pubsub.yml
index 613371291..5c5edb68f 100644
--- a/tests/config/pubsub/aws/snssqs/pubsub.yml
+++ b/tests/config/pubsub/aws/snssqs/pubsub.yml
@@ -7,14 +7,12 @@ spec:
   type: pubsub.aws.snssqs
   version: v1
   metadata:
-    - name: endpoint
-      value: "http://localhost:4566"
     - name: accessKey
-      value: "my-access"
+      value: ${{AWS_ACCESS_KEY_ID}}
     - name: secretKey
-      value: "my-secret"
+      value: ${{AWS_SECRET_ACCESS_KEY}}
     - name: region
-      value: "us-east-1"
+      value: "us-west-2"
     - name: consumerID
       value: "testQueue"
     - name: messageVisibilityTimeout
@@ -26,4 +24,6 @@ spec:
     - name: messageMaxNumber
       value: 10
     - name: concurrencyMode
-      value: "single"
\ No newline at end of file
+      value: "single"
+    - name: disableEntityManagement # Optional
+      value: "true"
\ No newline at end of file