fix tests

camunda · Oct 4, 2024 · ee987b1 · ee987b1
1 parent 4f80303
commit ee987b1
Show file tree

Hide file tree

Showing 5 changed files with 88 additions and 76 deletions.
diff --git a/.github/actions/eks-cleanup-resources/scripts/destroy.sh b/.github/actions/eks-cleanup-resources/scripts/destroy.sh
@@ -27,7 +27,6 @@ set -o pipefail
 # - AWS CLI installed and configured with the necessary permissions to access and modify the S3 bucket.
 # - Terraform installed and accessible in the PATH.
 
-
 # Check for required arguments
 if [ "$#" -lt 5 ] || [ "$#" -gt 6 ]; then
   echo "Usage: $0 <BUCKET> <MODULES_DIR> <TEMP_DIR_PREFIX> <MIN_AGE_IN_HOURS> <ID_OR_ALL> [MODULE_NAME]"
@@ -186,66 +185,106 @@ if [ $aws_exit_code -ne 0 ]; then
   exit 1
 fi
 
-
+# Categorize resources by module type
 if [ "$ID_OR_ALL" == "all" ]; then
   resources=$(echo "$all_objects" | grep "/terraform.tfstate" | awk '{print $4}')
 else
   resources=$(echo "$all_objects" | grep "/terraform.tfstate" | grep "$ID_OR_ALL" | awk '{print $4}')
 fi
+
 # Check if resources is empty (i.e., no objects found)
 if [ -z "$resources" ]; then
   echo "No terraform.tfstate objects found in the S3 bucket. Exiting script." >&2
   exit 0
 fi
 
-current_timestamp=$($date_command +%s)
+# Initialise arrays for the resources by module type
+aurora_resources=()
+opensearch_resources=()
+eks_resources=()
 
+# Classify resources into different module types
 for resource_id in $resources; do
-  cd "$CURRENT_DIR" || return 1
-
   terraform_module=$(basename "$(dirname "$resource_id")")
-  echo "Checking resource $resource_id (terraform module=$terraform_module)"
 
-  # Apply module name filter if specified
-  if [ "$MODULE_NAME" != "all" ] && [ "$MODULE_NAME" != "$terraform_module" ]; then
-    echo "Skipping resource $resource_id because it does not match the specified module name: $MODULE_NAME"
-    continue
-  fi
+  case "$terraform_module" in
+    aurora)
+      aurora_resources+=("$resource_id")
+      ;;
+    opensearch)
+      opensearch_resources+=("$resource_id")
+      ;;
+    eks-cluster)
+      eks_resources+=("$resource_id")
+      ;;
+    *)
+      echo "Skipping unsupported module: $terraform_module"
+      ;;
+  esac
+done
 
-  last_modified=$(aws s3api head-object --bucket "$BUCKET" --key "$resource_id" --output json | grep LastModified | awk -F '"' '{print $4}')
-  if [ -z "$last_modified" ]; then
-    echo "Error: Failed to retrieve last modified timestamp for resource $resource_id"
-    exit 1
-  fi
+current_timestamp=$($date_command +%s)
 
-  last_modified_timestamp=$($date_command -d "$last_modified" +%s)
-  if [ -z "$last_modified_timestamp" ]; then
-    echo "Error: Failed to convert last modified timestamp to seconds since epoch for resource $resource_id"
-    exit 1
-  fi
-  echo "resource $resource_id last modification: $last_modified ($last_modified_timestamp)"
+# Function to process the destruction for a specific resource type
+process_resources_in_order() {
+  local resources=("$@")  # Accept an array of resources to process
 
-  file_age_hours=$(( ($current_timestamp - $last_modified_timestamp) / 3600 ))
-  if [ -z "$file_age_hours" ]; then
-    echo "Error: Failed to calculate file age in hours for resource $resource_id"
-    exit 1
-  fi
-  echo "resource $resource_id is $file_age_hours hours old"
+  for resource_id in "${resources[@]}"; do
+    cd "$CURRENT_DIR" || return 1
 
-  if [ $file_age_hours -ge "$MIN_AGE_IN_HOURS" ]; then
-    # name of the cluster is always after terraform/
-    cluster_name=$(echo "$resource_id" | cut -d'/' -f2)
-    echo "Destroying resource $resource_id in $terraform_module (cluster_name=$cluster_name)"
+    terraform_module=$(basename "$(dirname "$resource_id")")
+    echo "Checking resource $resource_id (terraform module=$terraform_module)"
 
-    if ! destroy_resource "$resource_id" "$terraform_module" "$cluster_name"; then
-      echo "Error destroying resource $resource_id"
-      FAILED=1
+    # Apply module name filter if specified
+    if [ "$MODULE_NAME" != "all" ] && [ "$MODULE_NAME" != "$terraform_module" ]; then
+      echo "Skipping resource $resource_id because it does not match the specified module name: $MODULE_NAME"
+      continue
     fi
 
-  else
-    echo "Skipping resource $resource_id as it does not meet the minimum age requirement of $MIN_AGE_IN_HOURS hours"
-  fi
-done
+    last_modified=$(aws s3api head-object --bucket "$BUCKET" --key "$resource_id" --output json | grep LastModified | awk -F '"' '{print $4}')
+    if [ -z "$last_modified" ]; then
+      echo "Error: Failed to retrieve last modified timestamp for resource $resource_id"
+      exit 1
+    fi
+
+    last_modified_timestamp=$($date_command -d "$last_modified" +%s)
+    if [ -z "$last_modified_timestamp" ]; then
+      echo "Error: Failed to convert last modified timestamp to seconds since epoch for resource $resource_id"
+      exit 1
+    fi
+    echo "Resource $resource_id last modification: $last_modified ($last_modified_timestamp)"
+
+    file_age_hours=$(( ($current_timestamp - $last_modified_timestamp) / 3600 ))
+    if [ -z "$file_age_hours" ]; then
+      echo "Error: Failed to calculate file age in hours for resource $resource_id"
+      exit 1
+    fi
+    echo "Resource $resource_id is $file_age_hours hours old"
+
+    if [ $file_age_hours -ge "$MIN_AGE_IN_HOURS" ]; then
+      # Name of the cluster is always after terraform/
+      cluster_name=$(echo "$resource_id" | cut -d'/' -f2)
+      echo "Destroying resource $resource_id in $terraform_module (cluster_name=$cluster_name)"
+
+      if ! destroy_resource "$resource_id" "$terraform_module" "$cluster_name"; then
+        echo "Error destroying resource $resource_id"
+        FAILED=1
+      fi
+    else
+      echo "Skipping resource $resource_id as it does not meet the minimum age requirement of $MIN_AGE_IN_HOURS hours"
+    fi
+  done
+}
+
+# Destroy resources in the specific order: Aurora, OpenSearch, then EKS
+echo "Destroying Aurora resources..."
+process_resources_in_order "${aurora_resources[@]}"
+
+echo "Destroying OpenSearch resources..."
+process_resources_in_order "${opensearch_resources[@]}"
+
+echo "Destroying EKS resources..."
+process_resources_in_order "${eks_resources[@]}"
 
 echo "Cleaning up empty folders in s3://$BUCKET"
 # Loop until no empty folders are found

diff --git a/.github/workflows/test-gha-eks.yml b/.github/workflows/test-gha-eks.yml
@@ -207,38 +207,15 @@ jobs:
                   s3-bucket-region: ${{ env.TF_STATE_BUCKET_REGION }}
                   tf-modules-revision: ${{ steps.commit_info.outputs.tf_modules_revision }}
 
-            - name: Delete OpenSearch cluster
-              timeout-minutes: 30
-              if: always() && env.CREATE_OPENSEARCH == 'true' && !(github.event_name == 'workflow_dispatch' && inputs.delete_cluster == 'false')
-              uses: ./.github/actions/eks-cleanup-resources
-              with:
-                  tf-bucket: ${{ env.TF_STATE_BUCKET }}
-                  tf-bucket-region: ${{ env.TF_STATE_BUCKET_REGION }}
-                  max-age-hours: 0
-                  target: ${{ steps.commit_info.outputs.cluster_name }}
-                  module-name: opensearch
-
-            - name: Delete Aurora cluster
-              timeout-minutes: 30
-              if: always() && env.CREATE_DB == 'true' && !(github.event_name == 'workflow_dispatch' && inputs.delete_cluster == 'false')
-              uses: ./.github/actions/eks-cleanup-resources
-              with:
-                  tf-bucket: ${{ env.TF_STATE_BUCKET }}
-                  tf-bucket-region: ${{ env.TF_STATE_BUCKET_REGION }}
-                  max-age-hours: 0
-                  target: ${{ steps.commit_info.outputs.cluster_name }}
-                  module-name: aurora
-
-            - name: Delete EKS cluster
-              timeout-minutes: 30
+            - name: Delete Resources
+              timeout-minutes: 120
               if: always() && !(github.event_name == 'workflow_dispatch' && inputs.delete_cluster == 'false')
               uses: ./.github/actions/eks-cleanup-resources
               with:
                   tf-bucket: ${{ env.TF_STATE_BUCKET }}
                   tf-bucket-region: ${{ env.TF_STATE_BUCKET_REGION }}
                   max-age-hours: 0
                   target: ${{ steps.commit_info.outputs.cluster_name }}
-                  module-name: eks-cluster
 
             - name: Notify in Slack in case of failure
               id: slack-notification

diff --git a/test/src/custom_eks_opensearch_test.go b/test/src/custom_eks_opensearch_test.go
@@ -197,17 +197,17 @@ func (suite *CustomEKSOpenSearchTestSuite) TestCustomEKSAndOpenSearch() {
     {
       "Effect": "Allow",
       "Principal": {
-        "Federated": "arn:aws:iam::%s:oidc-provider/oidc.eks.%s.amazonaws.com/id/%s"
+        "Federated": "arn:aws:iam::%s:oidc-provider/%s"
       },
       "Action": "sts:AssumeRoleWithWebIdentity",
       "Condition": {
         "StringEquals": {
-          "oidc.eks.%s.amazonaws.com/id/%s:sub": "system:serviceaccount:%s:%s"
+          "%s:sub": "system:serviceaccount:%s:%s"
         }
       }
     }
   ]
-}`, accountId, suite.region, oidcProviderID, suite.region, oidcProviderID, openSearchNamespace, openSearchServiceAccount)
+}`, accountId, oidcProviderID, oidcProviderID, openSearchNamespace, openSearchServiceAccount)
 
 	varsConfigOpenSearch := map[string]interface{}{
 		"domain_name":                  opensearchDomainName,

diff --git a/test/src/custom_eks_rds_test.go b/test/src/custom_eks_rds_test.go
@@ -203,17 +203,17 @@ func (suite *CustomEKSRDSTestSuite) TestCustomEKSAndRDS() {
     {
       "Effect": "Allow",
       "Principal": {
-        "Federated": "arn:aws:iam::%s:oidc-provider/oidc.eks.%s.amazonaws.com/id/%s"
+        "Federated": "arn:aws:iam::%s:oidc-provider/%s"
       },
       "Action": "sts:AssumeRoleWithWebIdentity",
       "Condition": {
         "StringEquals": {
-          "oidc.eks.%s.amazonaws.com/id/%s:sub": "system:serviceaccount:%s:%s"
+          "%s:sub": "system:serviceaccount:%s:%s"
         }
       }
     }
   ]
-}`, accountId, suite.region, oidcProviderID, suite.region, oidcProviderID, auroraNamespace, auroraServiceAccount)
+}`, accountId, oidcProviderID, oidcProviderID, auroraNamespace, auroraServiceAccount)
 
 	varsConfigAurora := map[string]interface{}{
 		"username":                 auroraUsername,

diff --git a/test/src/utils/aws.go b/test/src/utils/aws.go
@@ -161,15 +161,11 @@ func DeleteObjectFromS3Bucket(sess aws.Config, s3Bucket string, objectToDelete s
 	return nil
 }
 
-// ExtractOIDCProviderID extracts the OIDC provider ID from the EKS cluster result.
+// ExtractOIDCProviderID extracts the OIDC provider from the EKS cluster result (without scheme, eg. no https://).
 func ExtractOIDCProviderID(clusterResult *eks.DescribeClusterOutput) (string, error) {
 	if clusterResult == nil || clusterResult.Cluster == nil || clusterResult.Cluster.Identity == nil {
 		return "", fmt.Errorf("invalid cluster result")
 	}
 
-	oidcProviderURL := *clusterResult.Cluster.Identity.Oidc.Issuer
-	partsOIDC := strings.Split(oidcProviderURL, "/")
-	oidcProviderID := partsOIDC[len(partsOIDC)-1]
-
-	return oidcProviderID, nil
+	return strings.ReplaceAll(*clusterResult.Cluster.Identity.Oidc.Issuer, "https://", ""), nil
 }