Automated testing for AWS infrastructure

.github/workflows/testing-apply-aws-infra.yaml

@@ -0,0 +1,176 @@
+name: TESTING Apply AWS infrastructure
+
+on:
+  pull_request_review:
+    types: [submitted]
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: "Pull request number"
+        required: true
+
+defaults:
+  run:
+    working-directory: ./scripts
+
+env:
+  PR_NUMBER: ${{github.event.pull_request.number }}
+  PLAN_WORKFLOW_NAME: testing-plan-aws-infra.yaml
+  # TF_CACHE_DIR: ${{ github.workspace }}/tofu/.terraform
+
+jobs:
+  apply-test-aws-k8s-infra:
+    if: github.event.review.state == 'approved' || github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    environment: testing
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set PR_NUMBER env variable
+        if: github.event_name == 'workflow_dispatch'
+        run: |
+          # If event is workflow_dispatch, use the event.workflow_dispatch.inputs.pr_number
+          echo "PR_NUMBER=${{ github.event.inputs.pr_number }}" >> $GITHUB_ENV
+
+      - name: Init AWS credentials
+        uses: aws-actions/[email protected]
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+          aws-region: ${{ vars.TF_VAR_REGION }}
+
+      - name: Set up Tofu
+        uses: opentofu/[email protected]
+        with:
+          tofu_wrapper: false
+
+      # - name: Create Terraform Plugin Cache Dir
+      #   run: mkdir --parents ${{ env.TF_CACHE_DIR }}
+
+      # - name: Cache OpenTofu plugins
+      #   uses: actions/cache@v2
+      #   id: cache_opentofu_plugins
+      #   with:
+      #     path: ${{ env.TF_CACHE_DIR }}
+      #     key: tofu-${{hashFiles('./tofu/.terraform.lock.hcl')}}
+
+      - name: Get artifacts
+        uses: dawidd6/action-download-artifact@v3
+        with:
+          workflow: ${{ env.PLAN_WORKFLOW_NAME }}
+          pr: ${{ env.PR_NUMBER }}
+          workflow_conclusion: success
+          name: artifacts-${{ env.PR_NUMBER }}
+          path: artifacts
+
+      - name: Copy artifacts
+        working-directory: ./artifacts
+        run: |
+          cp plan-aws.out ../tofu/aws/plan-aws
+          cp terraform.tfvars ../tofu/terraform.tfvars
+
+      - name: Apply AWS infrastructure
+        id: apply_infrastructure
+        timeout-minutes: 20
+        continue-on-error: true
+        working-directory: ./tofu/aws
+        run: |
+          tofu init
+          tofu apply -auto-approve -state-out ../../state/state-aws plan-aws
+
+      - name: Set AWS infra output variables
+        continue-on-error: true
+        working-directory: ./tofu/aws
+        run: |
+          echo "TF_VAR_falkordb_eks_cluster_name=$(tofu output -state=../../state/state-aws -raw falkordb_eks_cluster_name)" >> $GITHUB_ENV
+          echo "TF_VAR_falkordb_s3_backup_name=$(tofu output -state=../../state/state-aws -raw falkordb_s3_backup_name)" >> $GITHUB_ENV
+          echo "TF_VAR_falkordb_eks_cluster_oidc_issuer_url=$(tofu output -state=../../state/state-aws -raw falkordb_eks_cluster_oidc_issuer_url)" >> $GITHUB_ENV
+          echo "TF_VAR_falkordb_eks_cluster_oidc_issuer_arn=$(tofu output -state=../../state/state-aws -raw falkordb_eks_cluster_oidc_issuer_arn)" >> $GITHUB_ENV
+          echo "TF_VAR_falkordb_eks_cluster_role_arn=$(tofu output -state=../../state/state-aws -raw falkordb_eks_cluster_role_arn)" >> $GITHUB_ENV
+          echo "TF_VAR_falkordb_eks_cluster_endpoint=$(tofu output -state=../../state/state-aws -raw falkordb_eks_cluster_endpoint)" >> $GITHUB_ENV
+          echo "TF_VAR_falkordb_eks_cluster_certificate_autority=$(tofu output -state=../../state/state-aws -raw falkordb_eks_cluster_certificate_autority)" >> $GITHUB_ENV
+
+      - name: Archive AWS target state
+        uses: actions/upload-artifact@v4
+        with:
+          name: state-aws-${{ env.PR_NUMBER }}
+          path: state/state-aws
+          if-no-files-found: error
+
+      - name: Get EKS cluster credentials
+        id: get_eks_credentials
+        if: steps.apply_infrastructure.outcome == 'success'
+        continue-on-error: true
+        run: |
+          ./aws_update_kubeconfig.sh testing-cluster-${{ env.PR_NUMBER }} ${{ secrets.TF_VAR_ASSUME_ROLE_ARN }}
+
+      - name: Check connection to EKS cluster
+        if: steps.get_eks_credentials.outcome == 'success'
+        continue-on-error: true
+        run: |
+          kubectl get nodes
+
+      # - name: Plan K8S module
+      #   if: steps.get_eks_credentials.outcome == 'success'
+      #   id: plan_k8s
+      #   working-directory: ./tofu/k8s
+      #   run: |
+      #     tofu init
+      #     tofu plan -out=local-k8s -var-file=../terraform.tfvars -var "assume_role_arn=${{ secrets.TF_VAR_ASSUME_ROLE_ARN }}" -var "eks_auth_role=${{ secrets.TF_VAR_EKS_AUTH_ROLE }}" -var "falkordb_hosted_zone_id=${{ secrets.TF_VAR_FALKORDB_HOSTED_ZONE_ID }}" -var "falkordb_password=${{ secrets.TF_VAR_FALKORDB_PASSWORD }}"
+
+      - name: Apply k8s module
+        if: steps.get_eks_credentials.outcome == 'success'
+        id: apply_k8s_module
+        timeout-minutes: 20
+        continue-on-error: true
+        working-directory: ./tofu/k8s
+        run: |
+          tofu init
+          tofu plan -out=local-k8s -var-file=../terraform.tfvars -var "assume_role_arn=${{ secrets.TF_VAR_ASSUME_ROLE_ARN }}" -var "eks_auth_role=${{ secrets.TF_VAR_EKS_AUTH_ROLE }}" -var "falkordb_password=${{ secrets.TF_VAR_FALKORDB_PASSWORD }}"
+          tofu apply -auto-approve -state-out ../../state/state-k8s local-k8s
+
+      - name: Archive K8S target state
+        uses: actions/upload-artifact@v4
+        with:
+          name: state-k8s-${{ env.PR_NUMBER }}
+          path: state/state-k8s
+          if-no-files-found: error
+
+      - name: Get FalkorDB endpoint
+        if: steps.apply_k8s_module.outcome == 'success'
+        continue-on-error: true
+        id: lb
+        run: |
+          echo "host=$(kubectl get svc -n falkordb falkordb-redis -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" >> $GITHUB_ENV
+
+      - name: Run python tests
+        id: python_tests
+        if: steps.apply_k8s_module.outcome == 'success'
+        working-directory: .
+        continue-on-error: true
+        run: |
+          FALKORDB_HOST=${{ steps.lb.outputs.host }}
+          FALKORDB_PORT=6379
+          FALKORDB_PASSWORD=${{ secrets.TF_VAR_FALKORDB_PASSWORD }}
+          python3 -m venv .venv
+          source .venv/bin/activate
+          pip install -r requirements.txt
+          pytest
+
+      - name: Destroy K8S infrastructure
+        if: always()
+        working-directory: ./tofu/k8s
+        run: tofu destroy -auto-approve -state ../../state/state-k8s  -var-file=../terraform.tfvars -var "assume_role_arn=${{ secrets.TF_VAR_ASSUME_ROLE_ARN }}" -var "eks_auth_role=${{ secrets.TF_VAR_EKS_AUTH_ROLE }}" -var "falkordb_password=${{ secrets.TF_VAR_FALKORDB_PASSWORD }}"
+
+      - name: Destroy AWS infrastructure
+        if: always()
+        working-directory: ./tofu/aws
+        run: tofu destroy -auto-approve -state ../../state/state-aws  -var-file=../terraform.tfvars -var "assume_role_arn=${{ secrets.TF_VAR_ASSUME_ROLE_ARN }}" -var "eks_auth_role=${{ secrets.TF_VAR_EKS_AUTH_ROLE }}"
+
+      - name: Fail if tests did not pass
+        if: always()
+        run: |
+          # Check if python tests conclusion is success
+          if [ ${{ steps.python_tests.conclusion }} != 'success' ]; then
+            exit 1
+          fi

.github/workflows/testing-plan-aws-infra.yaml

@@ -0,0 +1,108 @@
+name: TESTING Plan AWS infrastructure
+
+on:
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    working-directory: ./scripts
+
+env:
+  PR_NUMBER: ${{ github.event.pull_request.number }}
+  # TF_CACHE_DIR: ${{ github.workspace }}/tofu/.terraform
+
+jobs:
+  plan-infra:
+    runs-on: ubuntu-latest
+    environment: testing
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Init AWS credentials
+        uses: aws-actions/[email protected]
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+          aws-region: ${{ vars.TF_VAR_REGION }}
+
+      - name: Set up testing environment variables
+        env:
+          name: testing-cluster-${{ env.PR_NUMBER }}
+          tenant_name: testing-tenant-${{ env.PR_NUMBER }}
+          region: ${{ vars.TF_VAR_REGION }}
+          k8s_version: ${{ vars.TF_VAR_K8S_VERSION }}
+          k8s_instance_type: ${{ vars.TF_VAR_K8S_INSTANCE_TYPE }}
+          k8s_node_count: ${{ vars.TF_VAR_K8S_NODE_COUNT }}
+          k8s_node_min_count: ${{ vars.TF_VAR_K8S_NODE_MIN_COUNT }}
+          k8s_node_max_count: ${{ vars.TF_VAR_K8S_NODE_MAX_COUNT }}
+          backup_retention_period: ${{ vars.TF_VAR_BACKUP_RETENTION_PERIOD }}
+          falkordb_version: v4.0.3
+          falkordb_cpu: ${{ vars.TF_VAR_FALKORDB_CPU }}
+          falkordb_memory: ${{ vars.TF_VAR_FALKORDB_MEMORY }}
+          persistance_size: ${{ vars.TF_VAR_PERSISTANCE_SIZE }}
+          falkordb_replicas: ${{ vars.TF_VAR_FALKORDB_REPLICAS }}
+          grafana_admin_password: ${{ vars.TF_VAR_GRAFANA_ADMIN_PASSWORD }}
+          backup_schedule: ${{ vars.TF_VAR_BACKUP_SCHEDULE }}
+          # falkordb_domain: ${{ vars.TF_VAR_FALKORDB_DOMAIN }}
+
+          # If we add these here, they will be exported in the tfvars file
+          # assume_role_arn: ${{ secrets.TF_VAR_ASSUME_ROLE_ARN }}
+          # eks_auth_role: ${{ secrets.TF_VAR_EKS_AUTH_ROLE }}
+          # falkordb_hosted_zone_id: ${{ secrets.TF_VAR_FALKORDB_HOSTED_ZONE_ID }}
+          # falkordb_password: ${{ secrets.TF_VAR_FALKORDB_PASSWORD }}
+        run: |
+          ./create_tfvars_from_env.sh
+          mkdir -p ${GITHUB_WORKSPACE}/artifacts
+          cp ../tofu/terraform.tfvars ${GITHUB_WORKSPACE}/artifacts/terraform.tfvars
+
+      - name: Set up Tofu
+        uses: opentofu/[email protected]
+
+      # - name: Create Tofu Plugin Cache Dir
+      #   run: |
+      #     echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+      #     mkdir --parents ~/.terraform.d/plugin-cache
+
+      # - name: Cache OpenTofu modules
+      #   uses: actions/cache@v2
+      #   id: cache_opentofu_plugins
+      #   with:
+      #     path: ${{ env.TF_CACHE_DIR }}
+      #     key: tofu-${{hashFiles('./tofu/.terraform.lock.hcl')}}
+
+      # - name: Init infrastructure
+      #   # if: steps.cache_opentofu_plugins.outputs.cache-hit != 'true'
+      #   run: ./tofu_init.sh
+
+      # - name: Run tests
+      #   run: ./tofu_test.sh
+
+      - name: Plan AWS module
+        id: plan_aws
+        working-directory: ./tofu/aws
+        run: |
+          tofu init
+          tofu test
+          tofu plan -out ../../local-aws -var "assume_role_arn=${{ secrets.TF_VAR_ASSUME_ROLE_ARN }}" -var "eks_auth_role=${{ secrets.TF_VAR_EKS_AUTH_ROLE }}"
+          cp ../../local-aws ${GITHUB_WORKSPACE}/artifacts/plan-aws.out
+
+      - name: Plan K8S module
+        id: plan_k8s
+        working-directory: ./tofu/k8s
+        run: |
+          tofu init
+          tofu test
+          tofu plan -out ../../local-k8s -var "falkordb_s3_backup_name='test-backup-bucket-s3'" -var "assume_role_arn=${{ secrets.TF_VAR_ASSUME_ROLE_ARN }}" -var "falkordb_password=${{ secrets.TF_VAR_FALKORDB_PASSWORD }}" -var "falkordb_eks_cluster_oidc_issuer_url=''" -var "falkordb_eks_cluster_oidc_issuer_arn=''" -var "falkordb_eks_cluster_endpoint=''" -var "falkordb_eks_cluster_certificate_autority=dGVzdA=="
+          cp ../../local-k8s ${GITHUB_WORKSPACE}/artifacts/plan-k8s.out
+
+      - name: Archive artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: artifacts-${{ env.PR_NUMBER }}
+          path: artifacts

.gitignore

@@ -2,4 +2,6 @@
 terraform.tfvars
 terraform.tfstate
 terraform.tfstate.backup
-local
+local
+.venv
+tofu/__tests__/__pycache__

README.md

@@ -20,14 +20,20 @@ Scripts to help work with this repository
 5. tofu_delete_workspace.sh: Delete workspace.
 6. tofu_list_workspace.sh: List available workspaces.
 7. tofu_plan.sh: Generate execution plan to be deployed.
-8. tofu_apply.sh: Deploy the plan to the cloud provider.
-9. tofu_destroy.sh: Delete the deployment from the cloud provider.
-10. tofu_output.sh: Show deployment output.
-11. aws_update_kubeconfig.sh: Update kubectl config.
-12. kubectl_connect_falkordb_master.sh: Port forward into the FalkorDB master node.
-13. kubectl_connect_grafana.sh: Port forward into the grafana gui.
-14. kubectl_connect_prometheus.sh: Port forward into the prometheus gui.
-15. kubectl_connect_alertmanager.sh: Port forward into the alert manager gui.
+8. tofu_plan_aws.sh: Generate execution plan to be deployed for the AWS target.
+9. tofu_plan_k8s.sh: Generate execution plan to be deployed for the K8S target.
+10. tofu_apply.sh: Deploy the plan to the cloud provider.
+11. tofu_apply_aws.sh: Deploy the AWS target to the cloud provider.
+12. tofu_apply_k8s.sh: Deploy the K8S target to the cloud provider.
+13. tofu_destroy.sh: Delete the deployment from the cloud provider.
+14. tofu_output.sh: Show deployment output.
+15. tofu_show.sh: Show the state configuration.
+16. tofu_test.sh: Run Tofu tests.
+17. aws_update_kubeconfig.sh: Update kubectl config.
+18. kubectl_connect_falkordb_master.sh: Port forward into the FalkorDB master node.
+19. kubectl_connect_grafana.sh: Port forward into the grafana gui.
+20. kubectl_connect_prometheus.sh: Port forward into the prometheus gui.
+21. kubectl_connect_alertmanager.sh: Port forward into the alert manager gui.
 
 # Tofu
 

requirements.txt

@@ -0,0 +1,2 @@
+FalkorDB==1.0.1
+pytest==6.2.4

scripts/aws_update_kubeconfig.sh

@@ -1 +1 @@
-aws eks update-kubeconfig --name $1
+aws eks update-kubeconfig --name $1 --role-arn $2

scripts/create_tfvars_from_env.sh

@@ -0,0 +1,20 @@
+    echo "name=\"$name\"
+    tenant_name=\"$name\"
+    region=\"$region\"
+    k8s_version=\"$k8s_version\"
+    k8s_instance_type=\"$k8s_instance_type\"
+    k8s_node_count=\"$k8s_node_count\"
+    k8s_node_min_count=\"$k8s_node_min_count\"
+    k8s_node_max_count=\"$k8s_node_max_count\"
+    backup_retention_period=\"$backup_retention_period\"
+    falkordb_version=\"$falkordb_version\"
+    falkordb_cpu=\"$falkordb_cpu\"
+    falkordb_memory=\"$falkordb_memory\"
+    persistance_size=\"$persistance_size\"
+    falkordb_replicas=\"$falkordb_replicas\"
+    grafana_admin_password=\"$grafana_admin_password\"
+    backup_schedule=\"$backup_schedule\"
+    # falkordb_domain=\"$falkordb_domain\"
+    " > ../tofu/terraform.tfvars
+cp ../tofu/terraform.tfvars ../tofu/aws/terraform.tfvars
+cp ../tofu/terraform.tfvars ../tofu/k8s/terraform.tfvars

scripts/tofu_apply_aws.sh

@@ -0,0 +1,5 @@
+PLAN_PATH=local-aws
+if [ -n "$1" ]; then
+  PLAN_PATH=$1
+fi
+cd ../tofu && tofu apply -state-out=../state/state-aws -auto-approve $PLAN_PATH

scripts/tofu_apply_k8s.sh

@@ -0,0 +1,5 @@
+PLAN_PATH=local-k8s
+if [ -n "$1" ]; then
+  PLAN_PATH=$1
+fi
+cd ../tofu && tofu apply -state-out=../state/state-k8s $PLAN_PATH

scripts/tofu_plan_aws.sh

@@ -0,0 +1 @@
+cd ../tofu && tofu plan -target=module.aws -out=local-aws

scripts/tofu_plan_k8s.sh

@@ -0,0 +1 @@
+cd ../tofu && tofu plan -target=module.k8s -out=local-k8s

scripts/tofu_show.sh

@@ -0,0 +1,5 @@
+STATE_PATH=local
+if [ -n "$1" ]; then
+  STATE_PATH=$1
+fi
+cd ../tofu && tofu show -no-color $STATE_PATH

scripts/tofu_test.sh

@@ -0,0 +1 @@
+cd ../tofu && tofu test