ci: e2e test setup for assume role in test account org (#12392)

* ci: test assume role * ci: retry * ci: test again * ci: cleanup * ci: reduce duration to 1h max for role chaining * ci: full e2e run * ci: run with breakpoint * ci: run with debug * ci: add CI flag * ci: re-enable test * ci: fix ci * ci: add circleci env var * ci: prepare for pr
aws-amplify · Apr 24, 2023 · ba52af0 · ba52af0
1 parent 59a7305
commit ba52af0
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 6 deletions.
diff --git a/codebuild_specs/base.yml b/codebuild_specs/base.yml
@@ -4,12 +4,13 @@ env:
   compute-type: BUILD_GENERAL1_MEDIUM
   imagePullCredentialsType: SERVICE_ROLE
   variables:
+    AWS_DEFAULT_REGION: us-east-1
+    AWS_REGION: us-east-1
+    CDK_DEFAULT_REGION: us-east-1
     CLI_REGION: us-east-1
     TEST_SUITE: src/__tests__/auth_2b.test.ts
     AMPLIFY_DIR: '$CODEBUILD_SRC_DIR/out'
     AMPLIFY_PATH: '$CODEBUILD_SRC_DIR/out/amplify-pkg-linux-x64'
-  # secrets-manager:
-  #   S3_ACCESS_KEY: "secretname" # s3_access_key in secret manager
 
 batch:
   fast-fail: false
@@ -93,5 +94,6 @@ batch:
       buildspec: codebuild_specs/run_e2e_tests_linux.yml
       env:
         compute-type: BUILD_GENERAL1_LARGE
+      debug-session: true
       depend-on:
         - upload_pkg_binaries
diff --git a/codebuild_specs/run_e2e_tests_linux.yml b/codebuild_specs/run_e2e_tests_linux.yml
@@ -4,13 +4,20 @@ env:
   variables:
     CLI_REGION: us-east-1
     TEST_SUITE: src/__tests__/auth_2b.test.ts
+    CI: true
+    CIRCLECI: true
 phases:
   build:
     commands:
       # you can provide a codebuild source version to use old cache and skip all other jobs :)
-      # - export CODEBUILD_SOURCE_VERSION=3fd87009bf573ebc8cda120dfe0cfd7f6a134fe3
+      - export NODE_OPTIONS=--max-old-space-size=8096
+      # - export CODEBUILD_SOURCE_VERSION=4610160556171f344780aeb2f0d01b7b20147b5d
       - export AMPLIFY_DIR=$CODEBUILD_SRC_DIR/out
       - export AMPLIFY_PATH=$CODEBUILD_SRC_DIR/out/amplify-pkg-linux-x64
       - echo $AMPLIFY_DIR
       - echo $AMPLIFY_PATH
       - source ./shared-scripts.sh && _runE2ETestsLinux
+      - codebuild-breakpoint
+  post_build:
+    commands:
+      - aws sts get-caller-identity
diff --git a/shared-scripts.sh b/shared-scripts.sh
@@ -68,7 +68,19 @@ function loadCacheFile {
     echo done loading cache
     cd $CODEBUILD_SRC_DIR
 }
-
+function _loadTestAccountCredentials {
+    echo ASSUMING PARENT TEST ACCOUNT credentials
+    session_id=$((1 + $RANDOM % 10000))
+    creds=$(aws sts assume-role --role-arn $TEST_ACCOUNT_ROLE --role-session-name testSession${session_id} --duration-seconds 3600)
+    if [ -z $(echo $creds | jq -c -r '.AssumedRoleUser.Arn') ]; then
+        echo "Unable to assume parent e2e account role."
+        return
+    fi
+    echo "Using account credentials for $(echo $creds | jq -c -r '.AssumedRoleUser.Arn')"
+    export AWS_ACCESS_KEY_ID=$(echo $creds | jq -c -r ".Credentials.AccessKeyId")
+    export AWS_SECRET_ACCESS_KEY=$(echo $creds | jq -c -r ".Credentials.SecretAccessKey")
+    export AWS_SESSION_TOKEN=$(echo $creds | jq -c -r ".Credentials.SessionToken")
+}
 
 
 
@@ -266,8 +278,11 @@ function _runE2ETestsLinux {
     changeNpmGlobalPath
     amplify version
 
-    # cd packages/amplify-e2e-tests
-    # retry runE2eTest
+    cd packages/amplify-e2e-tests
+
+    _loadTestAccountCredentials
+
+    retry runE2eTest
 }
 function _runE2ETestsWin {
     echo RUN E2E Tests Windows