chore: Enables AWS encryption_at_rest acceptance tests to run in CI #3000
Conversation
maastha
changed the title
| @@ -625,6 +633,8 @@ jobs: | |||
|
|
|||
| encryption: | |||
| needs: [ change-detection, get-provider-version ] | |||
| concurrency: | |||
There was a problem hiding this comment.
Each test run for encryption takes about ~8min to complete. Since the tests use shared resources, I want to prevent multiple simultaneous runs.
I'm thinking as a follow-up I can separate out AWS and Azure tests in separate jobs using ACCTEST_REGEX_RUN to reduce the test run time more.
Will wait to see if any other suggestions.
There was a problem hiding this comment.
I see tests are using resource.Test instead of resource.ParallelTest, so I understand it's in case this is running in multiple PRs / test suites.
The main issue I see, as cancel-in-progress=false, is that there can be some pile-up of jobs, and for example some PR checks are blocked until older ones finish, if some gets stucks, it can be a long time until they time out. This could also block Test Suite.
but we can go ahead and see if this happens
| AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_access_key }} | ||
| AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }} | ||
| AWS_CUSTOMER_MASTER_KEY_ID: ${{ secrets.aws_customer_master_key_id }} | ||
| MONGODB_ATLAS_PROJECT_EAR_PE_AWS_ID: ${{ inputs.mongodb_atlas_project_ear_pe_aws_id }} |
There was a problem hiding this comment.
n00b question: what does PE stand for?
| if os.Getenv("AWS_ACCESS_KEY_ID") == "" || | ||
| os.Getenv("AWS_SECRET_ACCESS_KEY") == "" || | ||
| os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID") == "" || | ||
| os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_AWS_ID") == "" || | ||
| os.Getenv("AWS_PRIVATE_ENDPOINT_REGION") == "" { |
There was a problem hiding this comment.
just checking is this change correct? what is the diff between the two EV?
| ExternalProviders: acc.ExternalProvidersOnlyAWS(), | ||
| ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, | ||
| CheckDestroy: acc.EARDestroy, | ||
| Steps: []resource.TestStep{ | ||
| { | ||
| Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName, &awsKms), | ||
| Check: resource.ComposeAggregateTestCheckFunc( | ||
| acc.CheckEARExists(resourceName), | ||
| resource.TestCheckResourceAttr(resourceName, "project_id", projectID), |
There was a problem hiding this comment.
being a TPF resource, consider checking only computed values
| @@ -625,6 +633,8 @@ jobs: | |||
|
|
|||
| encryption: | |||
| needs: [ change-detection, get-provider-version ] | |||
| concurrency: | |||
| group: ${{ github.repository }}-global-ear-concurrency | |||
There was a problem hiding this comment.
why the ${{ github.repository}}?
| @@ -27,14 +25,14 @@ func TestMigEncryptionAtRest_basicAWS(t *testing.T) { | |||
| Enabled: conversion.Pointer(true), | |||
There was a problem hiding this comment.
Same comment as earlier PR 😅
Why we cannot refactor out the test case?
| acc.CheckEARExists(resourceName), | ||
| resource.TestCheckResourceAttr(resourceName, "project_id", projectID), | ||
| resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.customer_master_key_id", awsKms.GetCustomerMasterKeyID()), | ||
| resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.egion", awsKms.GetRegion()), |
There was a problem hiding this comment.
Are we sure the tests are running in CI?
| } | ||
| } | ||
|
|
||
| func PreCheckEncryptionAtRestEnvAWS(tb testing.TB) { | ||
| tb.Helper() | ||
| PreCheckBasic(tb) // temp |
|
Any reason why |
Description
Enables AWS encryption_at_rest acceptance tests to run in CI
Link to any related issue(s): CLOUDP-293831
Type of change:
Required Checklist:
Further comments