e2e: add AWS test

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2025-09-20 21:14:37 -04:00 · 2022-11-08 16:43:17 +01:00 · 2022-11-08 16:43:17 +01:00 · 11672acf0a
commit 11672acf0a
parent f6b3ef6a57
7 changed files with 102 additions and 12 deletions
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
@ -11,12 +11,6 @@ inputs:
  cloudProvider:
    description: "Either 'gcp' or 'azure'."
    required: true
  gcpProject:
    description: "The GCP project to deploy Constellation in."
    required: false
  gcpClusterServiceAccountKey:
    description: "Service account to use inside the created Constellation cluster on GCP."
    required: false
  machineType:
    description: "Machine type of VM to spawn."
    required: false
@ -29,6 +23,18 @@ inputs:
  kubernetesVersion:
    description: "Kubernetes version to create the cluster from."
    required: false
  #
  # GCP specific inputs
  #
  gcpProject:
    description: "The GCP project to deploy Constellation in."
    required: false
  gcpClusterServiceAccountKey:
    description: "The GCP Service account to use inside the created Constellation cluster."
    required: false
  #
  # Azure specific inputs
  #
  azureSubscription:
    description: "The Azure subscription ID to deploy Constellation in."
    required: false
@ -36,16 +42,16 @@ inputs:
    description: "The Azure tenant ID to deploy Constellation in."
    required: false
  azureClientID:
-    description: "The client ID of the application registration created for Constellation in Azure."
+    description: "The Azure client ID of the application registration created for Constellation."
    required: false
  azureClientSecret:
-    description: "The client secret value of the used secret"
+    description: "The Azure client secret value of the used secret."
    required: false
  azureUserAssignedIdentity:
    description: "The Azure user assigned identity to use for Constellation."
    required: false
  azureResourceGroup:
-    description: "The resource group to use for Constellation cluster"
+    description: "The Azure resource group to use for Constellation cluster"
    required: false
 outputs:
@ -71,6 +77,7 @@ runs:
            (.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\" |
            (.provider | select(. | has(\"azure\")).azure.enforcedMeasurements) = [15]" \
          constellation-conf.yaml
        yq eval -i \
          "(.provider | select(. | has(\"gcp\")).gcp.project) = \"${{ inputs.gcpProject }}\" |
            (.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" |
@ -79,6 +86,14 @@ runs:
            (.provider | select(. | has(\"gcp\")).gcp.serviceAccountKeyPath) = \"serviceAccountKey.json\"" \
          constellation-conf.yaml
        yq eval -i \
          "(.provider | select(. | has(\"aws\")).aws.region) = \"eu-central-1\" |
            (.provider | select(. | has(\"aws\")).aws.zone) = \"eu-central-1a\" |
            (.provider | select(. | has(\"aws\")).aws.iamProfileControlPlane) = \"e2e_test_control_plane_instance_profile\" |
            (.provider | select(. | has(\"aws\")).aws.iamProfileWorkerNodes) = \"e2e_test_worker_node_instance_profile\" |
            (.provider | select(. | has(\"aws\")).aws.enforcedMeasurements) = [15]" \
          constellation-conf.yaml
        if [ ${{ inputs.kubernetesVersion != '' }} = true ]; then
          yq eval -i "(.kubernetesVersion) = ${{ inputs.kubernetesVersion }}" constellation-conf.yaml
        fi
@ -111,6 +126,16 @@ runs:
            yq eval -i "(.provider.gcp.image) = \"${GCP_IMAGE}\"" constellation-conf.yaml
            ;;
          aws)
            if [ "${{ inputs.osImage == 'debug-latest' }}" = true ]
            then
              AWS_IMAGE=$(aws ec2 describe-images --owners 795746500882 --region eu-central-1 --filters "Name=name,Values=constellation-debug-v*" --query "sort_by(Images, &CreationDate)[].ImageId" | jq -r '.[-1]')
            else
              AWS_IMAGE=${{ inputs.osImage }}
            fi
            yq eval -i "(.provider.aws.image) = \"${AWS_IMAGE}\"" constellation-conf.yaml
            ;;
        esac
    - name: Set instanceType
@ -119,6 +144,7 @@ runs:
      run: |
        yq eval -i "(.provider | select(. | has(\"azure\")).azure.instanceType) = \"${{ inputs.machineType }}\"" constellation-conf.yaml
        yq eval -i "(.provider | select(. | has(\"gcp\")).gcp.instanceType) = \"${{ inputs.machineType }}\"" constellation-conf.yaml
        yq eval -i "(.provider | select(. | has(\"aws\")).aws.instanceType) = \"${{ inputs.machineType }}\"" constellation-conf.yaml
    - name: Create serviceAccountKey.json
      if: ${{ inputs.cloudProvider == 'gcp' }}
@ -196,6 +222,9 @@ runs:
          gcp)
            ./.github/actions/constellation_create/gcp-logs.sh
            ;;
          aws)
            ./.github/actions/constellation_create/aws-logs.sh eu-central-1
            ;;
        esac
        echo "::endgroup::"
--- a/.github/actions/constellation_create/aws-logs.sh
+++ b/.github/actions/constellation_create/aws-logs.sh
@ -0,0 +1,51 @@
 #!/usr/bin/env bash
 # Usage: ./aws-logs.sh <region>
 controlAutoscalingGroup=$(\
    terraform show -json | \
    jq -r .'values.root_module.child_modules[] |
        select(.address == "module.instance_group_control_plane") |
        .resources[0].values.name' \
 )
 workerAutoscalingGroup=$(\
    terraform show -json | \
    jq -r .'values.root_module.child_modules[] |
        select(.address == "module.instance_group_worker_nodes") |
        .resources[0].values.name' \
 )
 controlInstances=$(\
    aws autoscaling describe-auto-scaling-groups \
        --region "${1}" \
        --no-paginate \
        --output json \
        --auto-scaling-group-names "${controlAutoscalingGroup}" | \
    jq -r '.AutoScalingGroups[0].Instances[].InstanceId' \
 )
 workerInstances=$(\
    aws autoscaling describe-auto-scaling-groups \
        --region "${1}" \
        --no-paginate \
        --output json \
        --auto-scaling-group-names "${workerAutoscalingGroup}" | \
    jq -r '.AutoScalingGroups[0].Instances[].InstanceId' \
 )
 echo "Fetching logs from control planes: ${controlInstances}"
 for instance in $controlInstances; do
    printf "Fetching for %s\n" ${instance}
    aws ec2 get-console-output --region ${1} --instance-id ${instance} | \
        jq -r .'Output' | \
        tail -n +2 > control-plane-${instance}.log
 done
 echo "Fetching logs from worker nodes: ${workerInstances}"
 for instance in $workerInstances; do
    printf "Fetching for %s\n" ${instance}
    aws ec2 get-console-output --region ${1} --instance-id ${instance} | \
        jq -r .'Output' | \
        tail -n +2 > worker-${instance}.log
 done
--- a/.github/actions/constellation_create/az-logs.sh
+++ b/.github/actions/constellation_create/az-logs.sh
@ -16,6 +16,6 @@ for scaleset in $scalesetslist; do
        bloburi=$(az rest --method post --url https://management.azure.com/subscriptions/${subscription}/resourceGroups/${1}/providers/Microsoft.Compute/virtualMachineScaleSets/${scaleset}/virtualmachines/$instanceid/retrieveBootDiagnosticsData?api-version=2022-03-01 | jq '.serialConsoleLogBlobUri' -r)
        sleep 4
        curl -sL -o "./${scaleset}-${instanceid}.log" $bloburi
-        echo $(realpath "./${scaleset}-${instanceid}.log")
+        realpath "./${scaleset}-${instanceid}.log"
    done
 done
--- a/.github/actions/constellation_create/gcp-logs.sh
+++ b/.github/actions/constellation_create/gcp-logs.sh
@ -1,7 +1,5 @@
 #!/usr/bin/env bash
 # Usage: ./gcp-logs.sh
 CONTROL_INSTANCE_GROUP=$(terraform show -json | jq -r .'values.root_module.child_modules[] | select(.address == "module.instance_group_control_plane") | .resources[0].values.base_instance_name' )
 WORKER_INSTANCE_GROUP=$(terraform show -json | jq -r .'values.root_module.child_modules[] | select(.address == "module.instance_group_worker") | .resources[0].values.base_instance_name')
 ZONE=$(terraform show -json | jq -r .'values.root_module.child_modules[] | select(.address == "module.instance_group_control_plane") | .resources[0].values.zone' )
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@ -128,6 +128,13 @@ runs:
      with:
        gcp_service_account_json: ${{ inputs.gcp_service_account_json }}
    - name: Login to AWS
      if: inputs.cloudProvider == 'aws'
      uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0
      with:
        role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2E
        aws-region: eu-central-1
    - name: Create cluster
      id: constellation-create
      uses: ./.github/actions/constellation_create
--- a/.github/workflows/e2e-test-manual.yml
+++ b/.github/workflows/e2e-test-manual.yml
@ -17,6 +17,7 @@ on:
        options:
          - "gcp"
          - "azure"
          - "aws"
        default: "azure"
        required: true
      test:
@ -57,6 +58,9 @@ env:
 jobs:
  e2e-test-manual:
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Check out repository
        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
--- a/.github/workflows/release-cli.yml
+++ b/.github/workflows/release-cli.yml
@ -60,6 +60,7 @@ jobs:
        uses: ./.github/actions/login_azure
        with:
          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Login to GCP
        uses: ./.github/actions/login_gcp
        with: