From aac9461c07b2cc51a34ed6b6a1d6e13dc62a7f07 Mon Sep 17 00:00:00 2001 From: Craig Furman Date: Wed, 31 May 2023 15:02:45 +0100 Subject: [PATCH 1/4] chore: fix various AWS acceptance tests --- .../aws/aws_api_gateway_authorizer_test.go | 2 +- .../aws_lambda_event_source_mapping_test.go | 2 +- pkg/resource/aws/aws_s3_bucket_test.go | 4 +- .../.terraform.lock.hcl | 31 ++++++---- .../aws_api_gateway_authorizer/terraform.tf | 48 +++++++-------- .../.terraform.lock.hcl | 31 ++++++---- .../aws_apigatewayv2_authorizer/terraform.tf | 38 ++++++------ .../aws_lambda_event_source_mapping/main.tf | 20 +++---- .../acc/aws_s3_bucket/.terraform.lock.hcl | 59 ++++++++++--------- .../testdata/acc/aws_s3_bucket/providers.tf | 4 +- .../aws/testdata/acc/aws_s3_bucket/s3.tf | 45 +------------- 11 files changed, 129 insertions(+), 155 deletions(-) diff --git a/pkg/resource/aws/aws_api_gateway_authorizer_test.go b/pkg/resource/aws/aws_api_gateway_authorizer_test.go index 44aee41ac..aa966bf75 100644 --- a/pkg/resource/aws/aws_api_gateway_authorizer_test.go +++ b/pkg/resource/aws/aws_api_gateway_authorizer_test.go @@ -9,7 +9,7 @@ import ( func TestAcc_Aws_ApiGatewayAuthorizer(t *testing.T) { acceptance.Run(t, acceptance.AccTestCase{ - TerraformVersion: "0.15.5", + TerraformVersion: "1.4.6", Paths: []string{"./testdata/acc/aws_api_gateway_authorizer"}, Args: []string{"scan"}, Checks: []acceptance.AccCheck{ diff --git a/pkg/resource/aws/aws_lambda_event_source_mapping_test.go b/pkg/resource/aws/aws_lambda_event_source_mapping_test.go index fd046a762..67853094d 100644 --- a/pkg/resource/aws/aws_lambda_event_source_mapping_test.go +++ b/pkg/resource/aws/aws_lambda_event_source_mapping_test.go 
@@ -12,7 +12,7 @@ import ( func TestAcc_Aws_LambdaEventSourceMapping(t *testing.T) { acceptance.Run(t, acceptance.AccTestCase{ - TerraformVersion: "0.15.5", + TerraformVersion: "1.4.6", Paths: []string{"./testdata/acc/aws_lambda_event_source_mapping"}, Args: []string{"scan", "--deep"}, Checks: []acceptance.AccCheck{ diff --git a/pkg/resource/aws/aws_s3_bucket_test.go b/pkg/resource/aws/aws_s3_bucket_test.go index f9d478d2e..2662c43d6 100644 --- a/pkg/resource/aws/aws_s3_bucket_test.go +++ b/pkg/resource/aws/aws_s3_bucket_test.go @@ -9,7 +9,7 @@ import ( func TestAcc_Aws_S3Bucket_BucketInUsEast1(t *testing.T) { acceptance.Run(t, acceptance.AccTestCase{ - TerraformVersion: "0.15.5", + TerraformVersion: "1.4.6", Paths: []string{"./testdata/acc/aws_s3_bucket"}, Args: []string{"scan", "--deep"}, Checks: []acceptance.AccCheck{ @@ -21,7 +21,7 @@ func TestAcc_Aws_S3Bucket_BucketInUsEast1(t *testing.T) { if err != nil { t.Fatal(err) } - result.AssertManagedCount(5) + result.AssertManagedCount(1) result.AssertDriftCountTotal(0) }, }, diff --git a/pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/.terraform.lock.hcl b/pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/.terraform.lock.hcl index 4c3c17a70..f91900a6f 100644 --- a/pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/.terraform.lock.hcl +++ b/pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/.terraform.lock.hcl 
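Review bot: `result.AssertManagedCount(1)` in `TestAcc_Aws_S3Bucket_BucketInUsEast1` replaces a count of 5 with no comment saying which resource is still expected, and the fixture change behind it (`s3.tf`, 45 lines changed per the diffstat) is not readable next to this hunk. A short comment above the assertion, for example `// fixture now declares only the bucket itself; sub-resources were removed`, would keep the number from looking arbitrary; adjust the wording to what s3.tf actually retains. If the four dropped resources were S3 sub-resources that the scan enumerates, it is worth confirming another acceptance test still covers them, so drift in them does not go unnoticed. The enclosing test function starts before this hunk and continues past it.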
@@ -2,19 +2,24 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "3.19.0" - constraints = "3.19.0" + version = "5.0.1" + constraints = "~> 5.0.0" hashes = [ - "h1:xur9tF49NgsovNnmwmBR8RdpN8Fcg1TD4CKQPJD6n1A=", - "zh:185a5259153eb9ee4699d4be43b3d509386b473683392034319beee97d470c3b", - "zh:2d9a0a01f93e8d16539d835c02b8b6e1927b7685f4076e96cb07f7dd6944bc6c", - "zh:703f6da36b1b5f3497baa38fccaa7765fb8a2b6440344e4c97172516b49437dd", - "zh:770855565462abadbbddd98cb357d2f1a8f30f68a358cb37cbd5c072cb15b377", - "zh:8008db43149fe4345301f81e15e6d9ddb47aa5e7a31648f9b290af96ad86e92a", - "zh:8cdd27d375da6dcb7687f1fed126b7c04efce1671066802ee876dbbc9c66ec79", - "zh:be22ae185005690d1a017c1b909e0d80ab567e239b4f06ecacdba85080667c1c", - "zh:d2d02e72dbd80f607636cd6237a6c862897caabc635c7b50c0cb243d11246723", - "zh:d8f125b66a1eda2555c0f9bbdf12036a5f8d073499a22ca9e4812b68067fea31", - "zh:f5a98024c64d5d2973ff15b093725a074c0cb4afde07ef32c542e69f17ac90bc", + "h1:SB38lIGsF3yHKujEBnTSsH4VOAskn8XZNPpuCPuhJYw=", + "zh:006daf4060087b5f0c13562beed33f524a6f9e04ebd72a782bfe60502076368f", + "zh:0f49636550aadd373c7e5c710600901c2f153ddd71b6c50482e1afdbb3f8d95d", + "zh:1999d2fad0a7a884aab0d191507cf895df0ea7201369a2ef37529f4253ce1065", + "zh:1b51774866cddca5a2da5a09a316e9ca078fc821f47611a184245ca892e9335d", + "zh:2875579acceba1403563c4281c76a3a9b53b970ed6494e5370e27efb6430bb50", + "zh:349eb9ab7c026b72154ce55c7bf9a69ebb3c3a4745ecfdb0c593400762ed1b0c", + "zh:38f96c14db5b3beb80748010c0a97dd097a303b24c8478a1286ce1f48a1a0375", + "zh:3d212e6e4fc54584e47faeccf501e5a68266c7fe9e36d89ad787c2e1f0e86197", + "zh:3ea61ab960ef34ff66457319b9083c8645a9f801f7b5578e7e3f616e26945f90", + "zh:584db6d88a07cac639f746104ccd5ed5c517ed99f892a143dad3bb64023098fc", + "zh:653def88ffa17b628459f942e743d30ab9fc2194af464d88258a784d9282f9f9", + "zh:9737008fea7ffbf5782fceb0108a283e91992c47bfcb93ec55ef43deaa7e509d", + 
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:ce3ba0cabc1704c584cc46bf1432b14ba1d34b1a30e03a5694b5940cf1673ab8", + "zh:de3e6d4e1defc6032359fc229000a1458d777adb07974293f194dde069adcc04", ] } diff --git a/pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/terraform.tf b/pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/terraform.tf index 7ee91f0a9..3eab67d47 100644 --- a/pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/terraform.tf +++ b/pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/terraform.tf 
@@ -4,34 +4,34 @@ provider "aws" { terraform { required_providers { - aws = "3.19.0" + aws = "~> 5.0.0" } } resource "aws_api_gateway_rest_api" "foo" { - name = "foo" - description = "This is foo API" + name = "foo" + description = "This is foo API" } resource "aws_api_gateway_authorizer" "foo" { - name = "foo" - rest_api_id = aws_api_gateway_rest_api.foo.id - authorizer_uri = aws_lambda_function.authorizer.invoke_arn - authorizer_credentials = aws_iam_role.invocation_role.arn + name = "foo" + rest_api_id = aws_api_gateway_rest_api.foo.id + authorizer_uri = aws_lambda_function.authorizer.invoke_arn + authorizer_credentials = aws_iam_role.invocation_role.arn } resource "aws_api_gateway_authorizer" "bar" { - name = "bar" - rest_api_id = aws_api_gateway_rest_api.foo.id - authorizer_uri = aws_lambda_function.authorizer.invoke_arn - authorizer_credentials = aws_iam_role.invocation_role.arn + name = "bar" + rest_api_id = aws_api_gateway_rest_api.foo.id + authorizer_uri = aws_lambda_function.authorizer.invoke_arn + authorizer_credentials = aws_iam_role.invocation_role.arn } resource "aws_iam_role" "invocation_role" { - name = "api_gateway_auth_invocation" - path = "/" + name = "api_gateway_auth_invocation" + path = "/" - assume_role_policy = < Date: Wed, 31 May 2023 15:18:24 +0100 Subject: [PATCH 2/4] chore: re-enable nightly acceptance tests This reverts commit 9907b1cd4245006d77670f66cd74fac4eaf2bf9c. --- .circleci/config.yml | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a6d96d21c..ebf6e05c4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -216,28 +216,27 @@ jobs: project: ${CIRCLE_PROJECT_REPONAME} organization: cloud-cloud workflows: -# Temporarily disabled -# nightly: -# jobs: -# - test_acc: -# name: "Acceptance tests: << matrix.pattern >>" -# matrix: -# parameters: -# pattern: -# - TestAcc_Aws -# - TestAcc_Github_ -# - TestAcc_Google -# - TestAcc_Azure_ -# - TestAcc_StateReader_ -# context: -# - driftctl-acc -# triggers: -# - schedule: -# cron: "0 3 * * *" -# filters: -# branches: -# only: -# - main + nightly: + jobs: + - test_acc: + name: "Acceptance tests: << matrix.pattern >>" + matrix: + parameters: + pattern: + - TestAcc_Aws + - TestAcc_Github_ + - TestAcc_Google + - TestAcc_Azure_ + - TestAcc_StateReader_ + context: + - driftctl-acc + triggers: + - schedule: + cron: "0 3 * * *" + filters: + branches: + only: + - main pullrequest: jobs: - lint: From 01b24beebfb395972912c479579854287cd029d5 Mon Sep 17 00:00:00 2001 From: Craig Furman Date: Wed, 31 May 2023 17:43:06 +0100 Subject: [PATCH 3/4] chore: manual acceptance test job In order to trigger acceptance tests for certain branches pre-merge, and without having to wait for a nightly build, you can click "trigger pipeline" in CircleCI and enter `ACC_TESTS=1` as a parameter. --- .circleci/config.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index ebf6e05c4..ddfe12d82 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -14,6 +14,11 @@ orbs: codecov: codecov/codecov@3.1.0 snyk: snyk/snyk@1.1.2 gh: circleci/github-cli@1.1.0 +parameters: + ACC_TESTS: + type: string + description: manually run acceptance tests + default: '0' jobs: test_acc: parameters: 
@@ -237,6 +242,22 @@ workflows: branches: only: - main + manual-acc-tests: + when: + equal: ['1', << pipeline.parameters.ACC_TESTS >>] + jobs: + - test_acc: + name: "Acceptance tests: << matrix.pattern >>" + matrix: + parameters: + pattern: + - TestAcc_Aws + - TestAcc_Github_ + - TestAcc_Google + - TestAcc_Azure_ + - TestAcc_StateReader_ + context: + - driftctl-acc pullrequest: jobs: - lint: From 7e92a798f51987a5f7b2ad7d0a96a2a5b476ed67 Mon Sep 17 00:00:00 2001 From: Craig Furman Date: Thu, 1 Jun 2023 10:48:15 +0100 Subject: [PATCH 4/4] chore: remove references to non-Snyk domains in acc test fixtures --- .../google_project_iam_member/terraform.tf | 18 +++---- .../terraform.tf | 54 +++++++++---------- .../terraform.tf | 48 ++++++++--------- 3 files changed, 60 insertions(+), 60 deletions(-) diff --git a/pkg/resource/google/testdata/acc/google_project_iam_member/terraform.tf b/pkg/resource/google/testdata/acc/google_project_iam_member/terraform.tf index 786cef943..59028d9c9 100644 --- a/pkg/resource/google/testdata/acc/google_project_iam_member/terraform.tf +++ b/pkg/resource/google/testdata/acc/google_project_iam_member/terraform.tf @@ -1,20 +1,20 @@ provider "google" {} terraform { - required_version = "~> 0.15.0" - required_providers { - google = { - version = "3.78.0" - } + required_version = "~> 0.15.0" + required_providers { + google = { + version = "3.78.0" } + } } resource "google_project_iam_member" "elie1" { - role = "roles/editor" - member = "user:elie.charra@cloudskiff.com" + role = "roles/editor" + member = "user:cloud-context-team@snyk.io" } resource "google_project_iam_member" "will1" { - role = "roles/viewer" - member = "user:william.beuil@cloudskiff.com" + role = "roles/viewer" + member = "user:cloud-context-team@snyk.io" } diff --git a/pkg/resource/google/testdata/acc/google_storage_bucket_iam_binding/terraform.tf b/pkg/resource/google/testdata/acc/google_storage_bucket_iam_binding/terraform.tf index e899de44d..0e0de0140 100644 
--- a/pkg/resource/google/testdata/acc/google_storage_bucket_iam_binding/terraform.tf
+++ b/pkg/resource/google/testdata/acc/google_storage_bucket_iam_binding/terraform.tf
@@ -1,50 +1,50 @@ provider "google" {} terraform { - required_version = "~> 0.15.0" - required_providers { - google = { - version = "3.78.0" - } + required_version = "~> 0.15.0" + required_providers { + google = { + version = "3.78.0" } + } } resource "random_string" "postfix" { - length = 6 - upper = false - special = false + length = 6 + upper = false + special = false } resource "google_storage_bucket" "driftctl-unittest" { - name = "driftctl-unittest-1-${random_string.postfix.result}" - location = "EU" + name = "driftctl-unittest-1-${random_string.postfix.result}" + location = "EU" } resource "google_storage_bucket_iam_binding" "binding_admin_1" { - bucket = google_storage_bucket.driftctl-unittest.name - role = "roles/storage.admin" - members = [ - "user:elie.charra@cloudskiff.com", - ] + bucket = google_storage_bucket.driftctl-unittest.name + role = "roles/storage.admin" + members = [ + "user:team-cloud-context@snyk.io", + ] } resource "google_storage_bucket_iam_binding" "binding_viewer_1" { - bucket = google_storage_bucket.driftctl-unittest.name - role = "roles/storage.objectViewer" - members = [ - "user:william.beuil@cloudskiff.com", - ] + bucket = google_storage_bucket.driftctl-unittest.name + role = "roles/storage.objectViewer" + members = [ + "user:team-cloud-context@snyk.io", + ] } resource "google_storage_bucket" "driftctl-unittest2" { - name = "driftctl-unittest-2-${random_string.postfix.result}" - location = "EU" + name = "driftctl-unittest-2-${random_string.postfix.result}" + location = "EU" } resource "google_storage_bucket_iam_binding" "binding_admin_2" { - bucket = google_storage_bucket.driftctl-unittest2.name - role = "roles/storage.admin" - members = [ - "user:elie.charra@cloudskiff.com", - ] + bucket = google_storage_bucket.driftctl-unittest2.name + role = "roles/storage.admin" + members = [ + "user:team-cloud-context@snyk.io", + ] } 
diff --git a/pkg/resource/google/testdata/acc/google_storage_bucket_iam_member/terraform.tf b/pkg/resource/google/testdata/acc/google_storage_bucket_iam_member/terraform.tf
index 186745425..8860a6777 100644
--- a/pkg/resource/google/testdata/acc/google_storage_bucket_iam_member/terraform.tf
+++ b/pkg/resource/google/testdata/acc/google_storage_bucket_iam_member/terraform.tf
@@ -1,50 +1,50 @@ provider "google" {} terraform { - required_version = "~> 0.15.0" - required_providers { - google = { - version = "3.78.0" - } + required_version = "~> 0.15.0" + required_providers { + google = { + version = "3.78.0" } + } } resource "random_string" "postfix" { - length = 6 - upper = false - special = false + length = 6 + upper = false + special = false } resource "google_storage_bucket" "driftctl-unittest" { - name = "driftctl-unittest-1-${random_string.postfix.result}" - location = "EU" + name = "driftctl-unittest-1-${random_string.postfix.result}" + location = "EU" } resource "google_storage_bucket_iam_member" "elie1" { - bucket = google_storage_bucket.driftctl-unittest.name - role = "roles/storage.admin" - member = "user:elie.charra@cloudskiff.com" + bucket = google_storage_bucket.driftctl-unittest.name + role = "roles/storage.admin" + member = "user:team-cloud-context@snyk.io" } resource "google_storage_bucket_iam_member" "will1" { - bucket = google_storage_bucket.driftctl-unittest.name - role = "roles/storage.objectViewer" - member = "user:william.beuil@cloudskiff.com" + bucket = google_storage_bucket.driftctl-unittest.name + role = "roles/storage.objectViewer" + member = "user:team-cloud-context@snyk.io" } resource "google_storage_bucket" "driftctl-unittest2" { - name = "driftctl-unittest-2-${random_string.postfix.result}" - location = "EU" + name = "driftctl-unittest-2-${random_string.postfix.result}" + location = "EU" } resource "google_storage_bucket_iam_member" "eli2" { - bucket = google_storage_bucket.driftctl-unittest2.name - role = "roles/storage.objectViewer" - member = "user:elie.charra@cloudskiff.com" + bucket = google_storage_bucket.driftctl-unittest2.name + role = "roles/storage.objectViewer" + member = "user:team-cloud-context@snyk.io" } resource "google_storage_bucket_iam_member" "will2" { - bucket = google_storage_bucket.driftctl-unittest2.name - role = "roles/storage.admin" - member = "user:william.beuil@cloudskiff.com" + 
bucket = google_storage_bucket.driftctl-unittest2.name + role = "roles/storage.admin" + member = "user:team-cloud-context@snyk.io" }