Skip to content

Bugfix | Catch error for not found/forbidden role #115

Bugfix | Catch error for not found/forbidden role

Bugfix | Catch error for not found/forbidden role #115

name: Tests | Integration
on: [pull_request, workflow_dispatch]
jobs:
integration_tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: build_image
run: |
echo "[INFO] Building image"
make build-image
shell: bash
- name: run_integration_tests
run: |
echo "[INFO] Running integration tests"
make test-int
shell: bash
integration_tests_cli_refarch:
runs-on: ubuntu-latest
strategy:
max-parallel: 1
matrix:
python-version: ['3.8.14', '3.9.15', '3.10.8', '3.11.8', '3.12.5']
toolbox-image-tag: ['1.3.5-0.1.15', '1.5.0-0.1.15', '1.6.0-0.1.15']
steps:
- name: Checkout base branch
uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.python-version }}
- name: Install Poetry
run: |
echo "[INFO] Installing Poetry..."
curl -sSL https://install.python-poetry.org | POETRY_VERSION=1.8.2 python -
echo "[INFO] Configuring Poetry..."
poetry config virtualenvs.create false # This prevents poetry from creating a virtual environment
- name: Install dependencies using Poetry
run: |
echo "[INFO] Installing dependencies..."
export ENV POETRY_VIRTUALENVS_CREATE=false
export PATH="${PATH}:${HOME}/.poetry/bin"
poetry install --with=dev
- name: Build Leverage CLI
run: |
echo "[INFO] Building Leverage CLI"
echo "[INFO] Working with python version $(python --version)"
make build
pip install -e .
- name: Create directories
run: |
mkdir -p ../theadamproject
# These are later mounted in the container
mkdir ~/.ssh && touch ~/.gitconfig
- name: Project Init
run: |
printf "[INFO] Project Init\n"
leverage project init
if [[ -f project.yaml ]];
then
printf "[INFO] OK \n"
else
printf "[ERROR] Fail \n"
exit 1
fi
working-directory: ../theadamproject
- name: Set project file and create
run: |
printf "[INFO] Setting Project file\n"
sed 's/<project name>/the-adam-project/' -i project.yaml
sed 's/<short project name>/bb/' -i project.yaml
sed 's/<management email address>/bb@domainmgmt/' -i project.yaml
sed 's/<security email address>/bb@domainsec/' -i project.yaml
sed 's/<shared email address>/bb@domainshared/' -i project.yaml
sed 's/<user.name>/bbuser/' -i project.yaml
printf "[INFO] Creating Project"
leverage project create
printf "[INFO] Checking Project"
for i in config management security shared; do if [[ ! -d $i ]]; then echo '[ERROR] Fail' && exit 1; fi ;done
working-directory: ../theadamproject
- name: Set up credentials
run: |
printf "[INFO] Setting up credentials\n"
mkdir -p ~/.aws/bb
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} --profile bb-deploymaster
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} --profile bb-deploymaster
aws configure set region us-east-1 --profile bb-apps-devstg-devops
aws configure set output json --profile bb-apps-devstg-devops
aws configure set role_arn arn:aws:iam::${{ secrets.AWS_DEVSTG_ACCOUNT_ID }}:role/DeployMaster --profile bb-apps-devstg-devops
aws configure set source_profile bb-deploymaster --profile bb-apps-devstg-devops
cat << EOF > ~/.aws/credentials
[bb-deploymaster]
aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}
EOF
cp ~/.aws/credentials ~/.aws/bb/
cp ~/.aws/config ~/.aws/bb/
- name: Configure Reference Architecture
run: |
echo "[INFO] Configure Reference Architecture\n"
cat << EOF > ./config/common.tfvars
project = "bb"
project_long = "binbash"
region_primary = "us-east-1"
region_secondary = "us-east-2"
vault_address = "vault_trash"
vault_token = "vault_trash"
sso_region = "us-east-1"
sso_enabled = false
sso_start_url = "sso_trash"
accounts = {
security = {
id = ${{ secrets.AWS_SECURITY_ACCOUNT_ID }}
}
}
EOF
echo "[INFO] Disable MFA\n"
sed -i "s/^\(MFA_ENABLED=\)true/\1false/" build.env
working-directory: ../theadamproject
- name: Test Terraform
env:
LEVERAGE_INTERACTIVE: 0
run: |
printf "[INFO] Testing terraform\n"
printf "[INFO] Initializing layer\n"
leverage tf init --skip-validation
working-directory: ../theadamproject/security/us-east-1/base-tf-backend
- name: Test AWS
run: |
printf "[INFO] Testing AWS\n"
printf "[INFO] Getting identity\n"
ID=$(leverage aws sts get-caller-identity --profile bb-apps-devstg-devops | grep Account | sed -E 's/^.*("Account.+")[0-9]{12}".*$/\1************"/')
if [[ "$ID" == "\"Account\": \"************\"" ]];
then
printf "[INFO] OK \n"
else
printf "[ERROR] Fail \n"
exit 1
fi
working-directory: ../theadamproject/security/us-east-1/base-tf-backend
- name: Clone Testing Reference Architecture repo
run: |
printf "[INFO] Cloning repo...\n"
git clone https://github.com/binbashar/le-tf-infra-aws.git ../theblairwitchproject
- name: Set Toolbox Image Tag for the cloned ref arch repo
run: |
echo "Updating Terraform Image Tag to ${{ matrix.toolbox-image-tag }}"
sed -E -i 's/^TERRAFORM_IMAGE_TAG=.+$/TERRAFORM_IMAGE_TAG=${{ matrix.toolbox-image-tag }}/' build.env
working-directory: ../theblairwitchproject
- name: Configure Testing Reference Architecture
run: |
echo "[INFO] Configure Reference Architecture\n"
cat << EOF > ./config/common.tfvars
project = "bb"
project_long = "binbash"
region_primary = "us-east-1"
region_secondary = "us-east-2"
vault_address = "vault_trash"
vault_token = "vault_trash"
sso_region = "us-east-1"
sso_enabled = false
sso_start_url = "sso_trash"
accounts = {
security = {
id = ${{ secrets.AWS_SECURITY_ACCOUNT_ID }}
}
}
EOF
echo "[INFO] Disable MFA\n"
sed -i "s/^\(MFA_ENABLED=\)true/\1false/" build.env
working-directory: ../theblairwitchproject
- name: Test Testing Reference Architecture
env:
LEVERAGE_INTERACTIVE: 0
run: |
printf "[INFO] Initializing layer\n"
leverage tf init --layers cli-test-layer,base-identities
printf "[INFO] Generating plan\n"
leverage tf plan --layers cli-test-layer
printf "[INFO] Applying changes\n"
leverage tf apply -auto-approve --layers cli-test-layer
printf "[INFO] Checking if all changes were applied\n"
leverage tf plan -detailed-exitcode --layers cli-test-layer
[[ $? -eq 2 ]] && printf "[WARN] There are still remaining changes\n"
[[ $? -eq 0 ]] && printf "[INFO] Apply checks out\n"
printf "[INFO] Destroying all generated created resources\n"
leverage tf destroy -auto-approve --layers cli-test-layer
working-directory: ../theblairwitchproject/apps-devstg/global