e2e: add AWS test

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-10-01 01:36:09 -04:00 · 2022-11-08 16:43:17 +01:00 · 2022-11-08 16:43:17 +01:00 · 11672acf0a
commit 11672acf0a
parent f6b3ef6a57
7 changed files with 102 additions and 12 deletions
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
@ -11,12 +11,6 @@ inputs:
  cloudProvider:
    description: "Either 'gcp' or 'azure'."
    required: true
-  gcpProject:
-    description: "The GCP project to deploy Constellation in."
-    required: false
-  gcpClusterServiceAccountKey:
-    description: "Service account to use inside the created Constellation cluster on GCP."
-    required: false
  machineType:
    description: "Machine type of VM to spawn."
    required: false
@ -29,6 +23,18 @@ inputs:
  kubernetesVersion:
    description: "Kubernetes version to create the cluster from."
    required: false
+  #
+  # GCP specific inputs
+  #
+  gcpProject:
+    description: "The GCP project to deploy Constellation in."
+    required: false
+  gcpClusterServiceAccountKey:
+    description: "The GCP Service account to use inside the created Constellation cluster."
+    required: false
+  #
+  # Azure specific inputs
+  #
  azureSubscription:
    description: "The Azure subscription ID to deploy Constellation in."
    required: false
@ -36,16 +42,16 @@ inputs:
    description: "The Azure tenant ID to deploy Constellation in."
    required: false
  azureClientID:
-    description: "The client ID of the application registration created for Constellation in Azure."
+    description: "The Azure client ID of the application registration created for Constellation."
    required: false
  azureClientSecret:
-    description: "The client secret value of the used secret"
+    description: "The Azure client secret value of the used secret."
    required: false
  azureUserAssignedIdentity:
    description: "The Azure user assigned identity to use for Constellation."
    required: false
  azureResourceGroup:
-    description: "The resource group to use for Constellation cluster"
+    description: "The Azure resource group to use for Constellation cluster"
    required: false

 outputs:
@ -71,6 +77,7 @@ runs:
            (.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\" |
            (.provider | select(. | has(\"azure\")).azure.enforcedMeasurements) = [15]" \
          constellation-conf.yaml
+
        yq eval -i \
          "(.provider | select(. | has(\"gcp\")).gcp.project) = \"${{ inputs.gcpProject }}\" |
            (.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" |
@ -79,6 +86,14 @@ runs:
            (.provider | select(. | has(\"gcp\")).gcp.serviceAccountKeyPath) = \"serviceAccountKey.json\"" \
          constellation-conf.yaml

+        yq eval -i \
+          "(.provider | select(. | has(\"aws\")).aws.region) = \"eu-central-1\" |
+            (.provider | select(. | has(\"aws\")).aws.zone) = \"eu-central-1a\" |
+            (.provider | select(. | has(\"aws\")).aws.iamProfileControlPlane) = \"e2e_test_control_plane_instance_profile\" |
+            (.provider | select(. | has(\"aws\")).aws.iamProfileWorkerNodes) = \"e2e_test_worker_node_instance_profile\" |
+            (.provider | select(. | has(\"aws\")).aws.enforcedMeasurements) = [15]" \
+          constellation-conf.yaml
+
        if [ ${{ inputs.kubernetesVersion != '' }} = true ]; then
          yq eval -i "(.kubernetesVersion) = ${{ inputs.kubernetesVersion }}" constellation-conf.yaml
        fi
@ -111,6 +126,16 @@ runs:

            yq eval -i "(.provider.gcp.image) = \"${GCP_IMAGE}\"" constellation-conf.yaml
            ;;
+          aws)
+            if [ "${{ inputs.osImage == 'debug-latest' }}" = true ]
+            then
+              AWS_IMAGE=$(aws ec2 describe-images --owners 795746500882 --region eu-central-1 --filters "Name=name,Values=constellation-debug-v*" --query "sort_by(Images, &CreationDate)[].ImageId" | jq -r '.[-1]')
+            else
+              AWS_IMAGE=${{ inputs.osImage }}
+            fi
+
+            yq eval -i "(.provider.aws.image) = \"${AWS_IMAGE}\"" constellation-conf.yaml
+            ;;
        esac

    - name: Set instanceType
@ -119,6 +144,7 @@ runs:
      run: |
        yq eval -i "(.provider | select(. | has(\"azure\")).azure.instanceType) = \"${{ inputs.machineType }}\"" constellation-conf.yaml
        yq eval -i "(.provider | select(. | has(\"gcp\")).gcp.instanceType) = \"${{ inputs.machineType }}\"" constellation-conf.yaml
+        yq eval -i "(.provider | select(. | has(\"aws\")).aws.instanceType) = \"${{ inputs.machineType }}\"" constellation-conf.yaml

    - name: Create serviceAccountKey.json
      if: ${{ inputs.cloudProvider == 'gcp' }}
@ -196,6 +222,9 @@ runs:
          gcp)
            ./.github/actions/constellation_create/gcp-logs.sh
            ;;
+          aws)
+            ./.github/actions/constellation_create/aws-logs.sh eu-central-1
+            ;;
        esac
        echo "::endgroup::"

--- a/.github/actions/constellation_create/aws-logs.sh
+++ b/.github/actions/constellation_create/aws-logs.sh
@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+# Usage: ./aws-logs.sh <region>
+
+controlAutoscalingGroup=$(\
+    terraform show -json | \
+    jq -r .'values.root_module.child_modules[] |
+        select(.address == "module.instance_group_control_plane") |
+        .resources[0].values.name' \
+)
+workerAutoscalingGroup=$(\
+    terraform show -json | \
+    jq -r .'values.root_module.child_modules[] |
+        select(.address == "module.instance_group_worker_nodes") |
+        .resources[0].values.name' \
+)
+
+controlInstances=$(\
+    aws autoscaling describe-auto-scaling-groups \
+        --region "${1}" \
+        --no-paginate \
+        --output json \
+        --auto-scaling-group-names "${controlAutoscalingGroup}" | \
+    jq -r '.AutoScalingGroups[0].Instances[].InstanceId' \
+)
+workerInstances=$(\
+    aws autoscaling describe-auto-scaling-groups \
+        --region "${1}" \
+        --no-paginate \
+        --output json \
+        --auto-scaling-group-names "${workerAutoscalingGroup}" | \
+    jq -r '.AutoScalingGroups[0].Instances[].InstanceId' \
+)
+
+echo "Fetching logs from control planes: ${controlInstances}"
+
+for instance in $controlInstances; do
+    printf "Fetching for %s\n" ${instance}
+    aws ec2 get-console-output --region ${1} --instance-id ${instance} | \
+        jq -r .'Output' | \
+        tail -n +2 > control-plane-${instance}.log
+done
+
+echo "Fetching logs from worker nodes: ${workerInstances}"
+
+for instance in $workerInstances; do
+    printf "Fetching for %s\n" ${instance}
+    aws ec2 get-console-output --region ${1} --instance-id ${instance} | \
+        jq -r .'Output' | \
+        tail -n +2 > worker-${instance}.log
+done
--- a/.github/actions/constellation_create/az-logs.sh
+++ b/.github/actions/constellation_create/az-logs.sh
@ -16,6 +16,6 @@ for scaleset in $scalesetslist; do
        bloburi=$(az rest --method post --url https://management.azure.com/subscriptions/${subscription}/resourceGroups/${1}/providers/Microsoft.Compute/virtualMachineScaleSets/${scaleset}/virtualmachines/$instanceid/retrieveBootDiagnosticsData?api-version=2022-03-01 | jq '.serialConsoleLogBlobUri' -r)
        sleep 4
        curl -sL -o "./${scaleset}-${instanceid}.log" $bloburi
-        echo $(realpath "./${scaleset}-${instanceid}.log")
+        realpath "./${scaleset}-${instanceid}.log"
    done
 done
--- a/.github/actions/constellation_create/gcp-logs.sh
+++ b/.github/actions/constellation_create/gcp-logs.sh
@ -1,7 +1,5 @@
 #!/usr/bin/env bash

-# Usage: ./gcp-logs.sh
-
 CONTROL_INSTANCE_GROUP=$(terraform show -json | jq -r .'values.root_module.child_modules[] | select(.address == "module.instance_group_control_plane") | .resources[0].values.base_instance_name' )
 WORKER_INSTANCE_GROUP=$(terraform show -json | jq -r .'values.root_module.child_modules[] | select(.address == "module.instance_group_worker") | .resources[0].values.base_instance_name')
 ZONE=$(terraform show -json | jq -r .'values.root_module.child_modules[] | select(.address == "module.instance_group_control_plane") | .resources[0].values.zone' )
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@ -128,6 +128,13 @@ runs:
      with:
        gcp_service_account_json: ${{ inputs.gcp_service_account_json }}

+    - name: Login to AWS
+      if: inputs.cloudProvider == 'aws'
+      uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0
+      with:
+        role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2E
+        aws-region: eu-central-1
+
    - name: Create cluster
      id: constellation-create
      uses: ./.github/actions/constellation_create
--- a/.github/workflows/e2e-test-manual.yml
+++ b/.github/workflows/e2e-test-manual.yml
@ -17,6 +17,7 @@ on:
        options:
          - "gcp"
          - "azure"
+          - "aws"
        default: "azure"
        required: true
      test:
@ -57,6 +58,9 @@ env:
 jobs:
  e2e-test-manual:
    runs-on: ubuntu-22.04
+    permissions:
+      id-token: write
+      contents: read
    steps:
      - name: Check out repository
        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
--- a/.github/workflows/release-cli.yml
+++ b/.github/workflows/release-cli.yml
@ -60,6 +60,7 @@ jobs:
        uses: ./.github/actions/login_azure
        with:
          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
+
      - name: Login to GCP
        uses: ./.github/actions/login_gcp
        with: