Test AWS CLI and tempaltes

Test that the aws CLI is working and can login. Test that the aws-${sdk} templates work. This requires the following secrets in GHA: * AWS_ACCESS_KEY_ID * AWS_SECRET_ACCESS_KEY Ref #209
pulumi · Jul 25, 2024 · 5ef6c4e · 5ef6c4e
1 parent 3e3f5a7
commit 5ef6c4e
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -38,6 +38,10 @@ env:
   ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+  # AWS credentials for the tests
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_CI_ROLE_ARN: ${{ secrets.AWS_CI_ROLE_ARN }}
 
 jobs:
   comment-notification:
@@ -107,6 +111,9 @@ jobs:
             -e ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET} \
             -e ARM_TENANT_ID=${ARM_TENANT_ID} \
             -e ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID} \
+            -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
+            -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
+            -e AWS_CI_ROLE_ARN=${AWS_CI_ROLE_ARN} \
             --volume /tmp:/src \
             --entrypoint /bin/bash \
             ${{ env.DOCKER_USERNAME }}/pulumi:${{ env.PULUMI_VERSION }} \
@@ -122,6 +129,9 @@ jobs:
             -e ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET} \
             -e ARM_TENANT_ID=${ARM_TENANT_ID} \
             -e ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID} \
+            -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
+            -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
+            -e AWS_CI_ROLE_ARN=${AWS_CI_ROLE_ARN} \
             --volume /tmp:/src \
             --entrypoint /bin/bash \
             ${{ env.DOCKER_USERNAME }}/pulumi:${{ env.PULUMI_VERSION }} \
@@ -177,6 +187,9 @@ jobs:
             -e ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET} \
             -e ARM_TENANT_ID=${ARM_TENANT_ID} \
             -e ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID} \
+            -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
+            -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
+            -e AWS_CI_ROLE_ARN=${AWS_CI_ROLE_ARN} \
             --volume /tmp:/src \
             --entrypoint /bin/bash \
             ${{ env.DOCKER_USERNAME }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }} \
@@ -274,6 +287,9 @@ jobs:
             -e ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET} \
             -e ARM_TENANT_ID=${ARM_TENANT_ID} \
             -e ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID} \
+            -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
+            -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
+            -e AWS_CI_ROLE_ARN=${AWS_CI_ROLE_ARN} \
             --volume /tmp:/src \
             --entrypoint /bin/bash \
             --platform ${{ matrix.arch }} \
@@ -346,6 +362,9 @@ jobs:
             -e ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET} \
             -e ARM_TENANT_ID=${ARM_TENANT_ID} \
             -e ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID} \
+            -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
+            -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
+            -e AWS_CI_ROLE_ARN=${AWS_CI_ROLE_ARN} \
             --volume /tmp:/src \
             --entrypoint /bin/bash \
             ${{ env.DOCKER_USERNAME }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-ubi \

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## Unreleased
 
+
+- Test AWS CLI and templates in the `pulumi/pulumi` image
+  ([#213](https://github.com/pulumi/pulumi-docker-containers/pull/213))
+
 - Fix compilation issue when running `azure-java` in `pulumi-java`
   ([#212](https://github.com/pulumi/pulumi-docker-containers/pull/212))
 

diff --git a/tests/containers_test.go b/tests/containers_test.go
@@ -40,22 +40,29 @@ func TestPulumiTemplateTests(t *testing.T) {
 	t.Parallel()
 
 	// Confirm we have credentials.
+	// Azure
 	mustEnv(t, "PULUMI_ACCESS_TOKEN")
 	mustEnv(t, "ARM_CLIENT_ID")
 	mustEnv(t, "ARM_CLIENT_SECRET")
 	mustEnv(t, "ARM_TENANT_ID")
+	// AWS
+	mustEnv(t, "AWS_ACCESS_KEY_ID")
+	mustEnv(t, "AWS_SECRET_ACCESS_KEY")
 
 	stackOwner := mustEnv(t, "PULUMI_ORG")
 
 	sdksToTest := []string{"csharp", "python", "typescript", "go", "java"}
 	if os.Getenv("SDKS_TO_TEST") != "" {
 		sdksToTest = strings.Split(os.Getenv("SDKS_TO_TEST"), ",")
 	}
-	clouds := []string{"azure" /*, "aws", "gcp"*/}
+	clouds := []string{"azure", "aws" /* , "gcp"*/}
 	configs := map[string]map[string]string{
 		"azure": {
 			"azure-native:location": "EastUS",
 		},
+		"aws": {
+			"aws:region": "us-west-1",
+		},
 	}
 
 	testCases := []testCase{}
@@ -133,6 +140,18 @@ func TestCLIToolTests(t *testing.T) {
 		json.Unmarshal(out, &result)
 		require.Equal(t, subscriptionId, result["id"])
 	})
+
+	t.Run("AWS CLI", func(t *testing.T) {
+		t.Parallel()
+
+		accessKey := mustEnv(t, "AWS_ACCESS_KEY_ID")
+		secretAccessKey := mustEnv(t, "AWS_SECRET_ACCESS_KEY")
+
+		cmd := exec.Command("aws", "sts", "get-caller-identity")
+		cmd.Env = append(os.Environ(), fmt.Sprintf("AWS_ACCESS_KEY_ID=%s", accessKey), fmt.Sprintf("AWS_SECRET_ACCESS_KEY=%s", secretAccessKey))
+		_, err := cmd.Output()
+		require.NoError(t, err)
+	})
 }
 
 func mustEnv(t *testing.T, env string) string {