From ce02b8f973baddb5b8030f33490fa3f8d3d90348 Mon Sep 17 00:00:00 2001
From: Igor Rodionov
Date: Fri, 13 Sep 2024 18:47:05 +0200
Subject: [PATCH] Added iam-auth-enabled input
---
.github/workflows/test-iam-auth-skipped.yml | 171 ++++++++++++++++++++
action.yml | 5 +
2 files changed, 176 insertions(+)
create mode 100644 .github/workflows/test-iam-auth-skipped.yml
diff --git a/.github/workflows/test-iam-auth-skipped.yml b/.github/workflows/test-iam-auth-skipped.yml
new file mode 100644
index 00000000..607fc4d5
--- /dev/null
+++ b/.github/workflows/test-iam-auth-skipped.yml
@@ -0,0 +1,171 @@
+name: "Test - Changes exists"
+
+on:
+ workflow_dispatch: {}
+ pull_request:
+ types: [opened, synchronize]
+
+env:
+ AWS_REGION: us-east-2
+
+# Permissions required for assuming AWS identity
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ setup:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup
+ run: echo "Do setup"
+
+ test:
+ runs-on: ubuntu-latest
+ continue-on-error: true
+ needs: [setup]
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ - shell: bash
+ run: |
+ mkdir -p ${{ runner.temp }}
+ cp ./tests/terraform/atmos.yaml ${{ runner.temp }}/atmos.yaml
+ sed -i -e 's#__INFRACOST_ENABLED__#false#g' ${{ runner.temp }}/atmos.yaml
+ sed -i -e 's#__STORAGE_REGION__#${{ env.AWS_REGION }}#g' ${{ runner.temp }}/atmos.yaml
+ sed -i -e 's#__STORAGE_BUCKET__#${{ secrets.TERRAFORM_STATE_BUCKET }}#g' ${{ runner.temp }}/atmos.yaml
+ sed -i -e 's#__STORAGE_TABLE__#${{ secrets.TERRAFORM_STATE_TABLE }}#g' ${{ runner.temp }}/atmos.yaml
+ sed -i -e 's#__STORAGE_TABLE__#${{ secrets.TERRAFORM_STATE_TABLE }}#g' ${{ runner.temp }}/atmos.yaml
+ sed -i -e 's#__STORAGE_ROLE__#${{ secrets.TERRAFORM_STATE_ROLE }}#g' ${{ runner.temp }}/atmos.yaml
+ sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml
+ sed -i -e 's#__APPLY_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml
+
+ - name: Configure Plan AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4.0.2
+ with:
+ aws-region: ${{ env.AWS_REGION }}
+ role-to-assume: ${{ secrets.TERRAFORM_PLAN_ROLE }}
+ role-session-name: "atmos-terraform-plan-gitops"
+ mask-aws-account-id: "no"
+
+ - name: Plan Atmos Component
+ id: current
+ uses: ./
+ with:
+ component: "foobar/changes"
+ stack: "plat-ue2-sandbox"
+ sha: ${{ github.sha }}
+ atmos-config-path: ${{ runner.temp }}
+ atmos-version: 1.81.0
+ iam-auth-enabled: false
+
+ outputs:
+ result: ${{ steps.current.outcome }}
+ summary: ${{ 
steps.current.outputs.summary }} + + assert: + runs-on: ubuntu-latest + needs: [test] + steps: + - uses: nick-fields/assert-action@v2 + with: + expected: 'success' + actual: "${{ needs.test.outputs.result }}" + + - name: Display structure of downloaded files + id: metadata + run: | + set +e + + test -d ./metadata + DIR_EXISTS=$? + echo "dir_exists=${DIR_EXISTS}" >> $GITHUB_OUTPUT + + - uses: nick-fields/assert-action@v2 + with: + actual: "${{ steps.metadata.outputs.dir_exists }}" + expected: "1" + + - uses: nick-fields/assert-action@v2 + with: + actual: "${{ fromJSON(needs.test.outputs.summary) }}" + expected: | + ## Changes Found for `foobar/changes` in `plat-ue2-sandbox` + + + [![create](https://shields.io/badge/PLAN-CREATE-success?style=for-the-badge)](#user-content-create-plat-ue2-sandbox-foobar_changes) + + + +
Plan: 1 to add, 0 to change, 0 to destroy. + +
+ To reproduce this locally, run:

+ + ```shell + atmos terraform plan foobar/changes -s plat-ue2-sandbox + ``` + + + + + --- + ###
Create + ```diff + + random_id.foo[0] + ``` + +
+ +
Terraform Plan Summary + + ```hcl + + # random_id.foo[0] will be created + + resource "random_id" "foo" { + + b64_std = (known after apply) + + b64_url = (known after apply) + + byte_length = 8 + + dec = (known after apply) + + hex = (known after apply) + + id = (known after apply) + + keepers = { + + "seed" = "foo-plat-ue2-sandbox-blue" + } + } + + Plan: 1 to add, 0 to change, 0 to destroy. + + Warning: Test warning summary + + with data.validation_warning.warn[0], + on main.tf line 20, in data "validation_warning" "warn": + 20: data "validation_warning" "warn" { + + Test warning details + ``` + +
+ + + > [!WARNING] + > ``` + > Warning: Test warning summary + > + > with data.validation_warning.warn[0], + > on main.tf line 20, in data "validation_warning" "warn": + > 20: data "validation_warning" "warn" { + > + > Test warning details + > ``` + + + teardown: + runs-on: ubuntu-latest + needs: [assert] + if: ${{ always() }} + steps: + - name: Tear down + run: echo "Do Tear down" diff --git a/action.yml b/action.yml index 907a0eb7..cf07a581 100644 --- a/action.yml +++ b/action.yml @@ -19,6 +19,10 @@ inputs: description: "Indicate whether this action is used in drift detection workflow." required: true default: 'false' + iam-auth-enabled: + description: Whether to assume the Terraform plan IAM role prior to running atmos commands + required: false + default: "true" atmos-version: description: The version of atmos to install required: false @@ -109,6 +113,7 @@ runs: - name: Configure Plan AWS Credentials uses: aws-actions/configure-aws-credentials@v4.0.2 + if: ${{ inputs.iam-auth-enabled == 'true' }} with: aws-region: ${{ steps.config.outputs.aws-region }} role-to-assume: ${{ steps.config.outputs.terraform-plan-role }}
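Review bot: The new workflow is named `"Test - Changes exists"` although it exercises the `iam-auth-enabled: false` path, so its runs will be indistinguishable in the Actions UI from a sibling changes-exists workflow if one exists; `name: "Test - IAM auth skipped"` would match the file name. The bash step also runs the `__STORAGE_TABLE__` sed line twice and substitutes `__APPLY_ROLE__` with `secrets.TERRAFORM_PLAN_ROLE`; if reusing the plan role is intentional for a plan-only test, a one-line comment saying so would spare the next reader a double take. Separately, `mask-aws-account-id: "no"` in the "Configure Plan AWS Credentials" step leaves the AWS account id unmasked in the job log of every pull-request run (a public log if the repository is public); unless an assertion needs the raw id, drop that line so the action's default masking applies. Finally, because the action's own step condition compares the input against the string `'true'`, passing the bare boolean `false` works only through GitHub's stringification; `iam-auth-enabled: 'false'` keeps it consistent with the quoted defaults in action.yml.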
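Review bot: The description of the new `iam-auth-enabled` input does not say that the value is a string compared against `'true'` (the `if: ${{ inputs.iam-auth-enabled == 'true' }}` added further down in action.yml), so a caller passing `True`, `yes` or `1` will silently skip the credential step and atmos will run with whatever ambient AWS credentials the job already has. Spelling that out in the input itself avoids the surprise: `description: "Whether to assume the Terraform plan IAM role before running atmos commands. Must be the string 'true' or 'false'; any other value is treated as 'false' and the caller must supply AWS credentials itself."`. The quoting is also inconsistent with the neighbouring input, which uses `default: 'false'`; `default: 'true'` keeps the file uniform.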