diff --git a/Jenkinsfile b/Jenkinsfile index df8f526f6c..295371bb81 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -29,6 +29,7 @@ pipeline { } environment { + TECTONIC_INSTALLER_ROLE= 'tectonic-installer' GO_PROJECT = '/go/src/github.com/coreos/tectonic-installer' MAKEFLAGS = '-j4' } @@ -100,11 +101,13 @@ pipeline { unstash 'sanity' withCredentials(creds) { timeout(30) { + sh 'set +x -e && eval "$(${WORKSPACE}/tests/smoke/aws/smoke.sh assume-role "$TECTONIC_INSTALLER_ROLE")"' sh '${WORKSPACE}/tests/smoke/aws/smoke.sh plan vars/aws.tfvars' sh '${WORKSPACE}/tests/smoke/aws/smoke.sh create vars/aws.tfvars' sh '${WORKSPACE}/tests/smoke/aws/smoke.sh test vars/aws.tfvars' } timeout(10) { + sh 'set +x -e && eval "$(${WORKSPACE}/tests/smoke/aws/smoke.sh assume-role "$TECTONIC_INSTALLER_ROLE")"' sh '${WORKSPACE}/tests/smoke/aws/smoke.sh destroy vars/aws.tfvars' } } @@ -114,6 +117,7 @@ pipeline { unstash 'sanity' withCredentials(creds) { timeout(5) { + sh 'set +x -e && eval "$(${WORKSPACE}/tests/smoke/aws/smoke.sh assume-role "$TECTONIC_INSTALLER_ROLE")"' sh '${WORKSPACE}/tests/smoke/aws/smoke.sh plan vars/aws-exp.tfvars' } } @@ -125,6 +129,7 @@ pipeline { unstash 'installer' withCredentials(creds) { timeout(10) { + sh 'set +x -e && eval "$(${WORKSPACE}/tests/smoke/aws/smoke.sh assume-role "$TECTONIC_INSTALLER_ROLE")"' sh '${WORKSPACE}/tests/smoke/aws/smoke.sh destroy vars/aws.tfvars' } } diff --git a/tests/smoke/aws/smoke.sh b/tests/smoke/aws/smoke.sh index 83d970694d..de1aa12ecc 100755 --- a/tests/smoke/aws/smoke.sh +++ b/tests/smoke/aws/smoke.sh @@ -1,16 +1,30 @@ #!/bin/bash -ex set -o pipefail shopt -s expand_aliases - -DIR="$( cd "$( dirname "$0" )" && pwd )" -# make core utils accessible to make -export PATH=/bin:$PATH - # Alias filter for convenience +# Alias filter for convenience # shellcheck disable=SC2139 alias filter="$WORKSPACE"/installer/scripts/filter.sh -export PLATFORM=aws + +assume_role() { + # Don't print out the credentials. + set +x + ROLE_NAME=$1 + # Get the actual role ARN. This allows us to invoke the script with friendly arguments. + # shellcheck disable=SC2155 + ROLE_ARN="$(aws iam get-role --role-name="$ROLE_NAME" | jq -r '.Role.Arn')" + # shellcheck disable=SC2155 + CREDENTIALS="$(aws sts assume-role --role-arn="$ROLE_ARN" --role-session-name=tectonic-installer | jq '.Credentials')" + echo "AWS_ACCESS_KEY_ID=$(echo "$CREDENTIALS" | jq -r '.AccessKeyId'); export AWS_ACCESS_KEY" + echo "AWS_SECRET_ACCESS_KEY=$(echo "$CREDENTIALS" | jq -r '.SecretAccessKey'); export AWS_SECRET_ACCESS_KEY" + echo "AWS_SESSION_TOKEN=$(echo "$CREDENTIALS" | jq -r '.SessionToken'); export AWS_SESSION_TOKEN" +} common() { + DIR="$( cd "$( dirname "$0" )" && pwd )" + # make core utils accessible to make + export PATH=/bin:$PATH + export PLATFORM=aws + # Set the specified vars file TF_VARS_FILE=$1 TEST_NAME=$(basename "$TF_VARS_FILE" | cut -d "." -f 1) @@ -53,7 +67,6 @@ common() { create() { common "$1" - make plan | filter make apply | filter } @@ -80,33 +93,41 @@ test_cluster() { } usage() { + # It's annoying to print the debug statement and the output from printf set +x printf "%s is a tool for running Tectonic smoke tests on AWS.\n\n" "$(basename "$0")" printf "Usage:\n\n \t %s command [arguments]\n\n" "$(basename "$0")" printf "The commands are:\n\n" - printf "\t create \tcreate a Tectonic cluster parameterized by \n" - printf "\t destroy \tdestroy the Tectonic cluster parameterized by \n" - printf "\t plan \tplan a Tectonic cluster parameterized by \n" - printf "\t test \ttest a Tectonic cluster parameterized by \n" + printf "\t assume-role \tassume the role specified by \n" + printf "\t create \tcreate a Tectonic cluster parameterized by \n" + printf "\t destroy \tdestroy the Tectonic cluster parameterized by \n" + printf "\t plan \tplan a Tectonic cluster parameterized by \n" + printf "\t test \ttest a Tectonic cluster parameterized by \n" printf "\n" } -COMMAND=$1 -if [ $# -eq 0 ]; then - usage - exit 1 -fi +main () { + COMMAND=$1 + if [ $# -eq 0 ]; then + usage + exit 1 + fi + + shift + case $COMMAND in + assume-role) + assume_role "$@";; + create) + create "$@";; + destroy) + destroy "$@";; + plan) + plan "$@";; + test) + test_cluster "$@";; + *) + usage;; + esac +} -shift -case $COMMAND in - create) - create "$@";; - destroy) - destroy "$@";; - plan) - plan "$@";; - test) - test_cluster "$@";; - *) - usage;; -esac +main "$@"