Simplify OIDC extraTest (#4909)

blampe · web-flow · commit e1ae15058931 · 2024-12-11T16:16:11.000-08:00
Today `TestAccCloudWatch` and `TestAccCloudWatchOidcManual` are each
executed twice. Once as part of the `test (nodejs, local)` (examples)
job, and again as part of the `test_oidc` job defined in `extraTests`.

The `test_oidc` job executes `TestAccCloudWatchOidcManual` without any
ambient AWS credentials, and then `TestAccCloudWatch` after assuming
`OIDC_ROLE_ARN`.

This PR removes the extra `test_oidc` job by incorporating these tests
into the usual examples job.
* `TestAccCloudWatch` and `TestAccCloudWatchOIDCAmbient` preserve the
existing behavior of running these using the ambient credentials from
the examples job.
* `TestAccCloudWatchOIDCManual` and `TestAccCloudWatchOIDC` preserving
the `test_oidc` behavior by running without ambient credentials and
after assuming `OIDC_ROLE_ARN`, respectively.
diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml
@@ -127,69 +127,6 @@ extraTests:
         cd upstream
         make provider-lint
 
-  test_oidc:
-    name: test_oidc
-    needs: build_sdk
-    permissions:
-      contents: read
-      id-token: write
-    runs-on: ubuntu-latest
-    steps:
-    - name: Free Disk Space (Ubuntu)
-      uses: jlumbroso/free-disk-space@main
-      with:
-        tool-cache: false
-        swap-storage: false
-        dotnet: ${{ matrix.language != 'dotnet' }}
-    - name: Checkout Repo
-      uses: actions/checkout@v4
-      with:
-        ref: ${{ env.PR_COMMIT_SHA }}
-        submodules: true
-    - uses: pulumi/provider-version-action@v1
-      with:
-        set-env: 'PROVIDER_VERSION'
-    - name: Setup tools
-      uses: ./.github/actions/setup-tools
-      with:
-        tools: pulumictl, pulumi, go, node
-    - name: Prepare local workspace
-      run: make prepare_local_workspace
-    - name: Download bin
-      uses: ./.github/actions/download-bin
-    - name: Download SDK
-      uses: ./.github/actions/download-sdk
-      with:
-        language: ${{ matrix.language }}
-    - name: Restore makefile progress
-      run: make --touch provider schema build_${{ matrix.language }}
-    - name: Update path
-      run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
-    - name: Install dependencies
-      run: make install_${{ matrix.language}}_sdk
-    - name: Install gotestfmt
-      uses: GoTestTools/gotestfmt-action@v2
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        version: v2.4.0
-    - name: Run selected tests with manual web identity/OIDC auth
-      run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-    - name: Configure AWS Credentials for OIDC
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        unset-current-credentials: true
-        aws-region: ${{ env.AWS_REGION }}
-        role-duration-seconds: 3600
-        role-session-name: aws@githubActions
-        role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
-    - name: Run selected tests with configure-aws-credentials web identity/OIDC auth
-      run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-    strategy:
-      fail-fast: false
-      matrix:
-        language:
-        - nodejs
-
   provider_test:
     name: provider_test
     needs: build_sdk
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -101,7 +101,6 @@ jobs:
       - license_check
       - go_test_shim
       - provider_test
-      - test_oidc
       - upstream_lint
     uses: ./.github/workflows/publish.yml
     secrets: inherit
@@ -307,68 +306,6 @@ jobs:
                   - dotnet
                   - go
                   - java
-  test_oidc:
-      name: test_oidc
-      needs: build_sdk
-      permissions:
-          contents: read
-          id-token: write
-      runs-on: ubuntu-latest
-      steps:
-          - name: Free Disk Space (Ubuntu)
-            uses: jlumbroso/free-disk-space@main
-            with:
-              dotnet: ${{ matrix.language != 'dotnet' }}
-              swap-storage: false
-              tool-cache: false
-          - name: Checkout Repo
-            uses: actions/checkout@v4
-            with:
-              ref: ${{ env.PR_COMMIT_SHA }}
-              submodules: true
-          - uses: pulumi/provider-version-action@v1
-            with:
-              set-env: PROVIDER_VERSION
-          - name: Setup tools
-            uses: ./.github/actions/setup-tools
-            with:
-              tools: pulumictl, pulumi, go, node
-          - name: Prepare local workspace
-            run: make prepare_local_workspace
-          - name: Download bin
-            uses: ./.github/actions/download-bin
-          - name: Download SDK
-            uses: ./.github/actions/download-sdk
-            with:
-              language: ${{ matrix.language }}
-          - name: Restore makefile progress
-            run: make --touch provider schema build_${{ matrix.language }}
-          - name: Update path
-            run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
-          - name: Install dependencies
-            run: make install_${{ matrix.language}}_sdk
-          - name: Install gotestfmt
-            uses: GoTestTools/gotestfmt-action@v2
-            with:
-              token: ${{ secrets.GITHUB_TOKEN }}
-              version: v2.4.0
-          - name: Run selected tests with manual web identity/OIDC auth
-            run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-          - name: Configure AWS Credentials for OIDC
-            uses: aws-actions/configure-aws-credentials@v4
-            with:
-              aws-region: ${{ env.AWS_REGION }}
-              role-duration-seconds: 3600
-              role-session-name: aws@githubActions
-              role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
-              unset-current-credentials: true
-          - name: Run selected tests with configure-aws-credentials web identity/OIDC auth
-            run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-      strategy:
-          fail-fast: false
-          matrix:
-              language:
-                  - nodejs
   upstream_lint:
       name: Run upstream provider-lint
       runs-on: ubuntu-latest
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
@@ -61,7 +61,6 @@ jobs:
       - license_check
       - go_test_shim
       - provider_test
-      - test_oidc
       - upstream_lint
     uses: ./.github/workflows/publish.yml
     secrets: inherit
@@ -247,68 +246,6 @@ jobs:
                   - dotnet
                   - go
                   - java
-  test_oidc:
-      name: test_oidc
-      needs: build_sdk
-      permissions:
-          contents: read
-          id-token: write
-      runs-on: ubuntu-latest
-      steps:
-          - name: Free Disk Space (Ubuntu)
-            uses: jlumbroso/free-disk-space@main
-            with:
-              dotnet: ${{ matrix.language != 'dotnet' }}
-              swap-storage: false
-              tool-cache: false
-          - name: Checkout Repo
-            uses: actions/checkout@v4
-            with:
-              ref: ${{ env.PR_COMMIT_SHA }}
-              submodules: true
-          - uses: pulumi/provider-version-action@v1
-            with:
-              set-env: PROVIDER_VERSION
-          - name: Setup tools
-            uses: ./.github/actions/setup-tools
-            with:
-              tools: pulumictl, pulumi, go, node
-          - name: Prepare local workspace
-            run: make prepare_local_workspace
-          - name: Download bin
-            uses: ./.github/actions/download-bin
-          - name: Download SDK
-            uses: ./.github/actions/download-sdk
-            with:
-              language: ${{ matrix.language }}
-          - name: Restore makefile progress
-            run: make --touch provider schema build_${{ matrix.language }}
-          - name: Update path
-            run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
-          - name: Install dependencies
-            run: make install_${{ matrix.language}}_sdk
-          - name: Install gotestfmt
-            uses: GoTestTools/gotestfmt-action@v2
-            with:
-              token: ${{ secrets.GITHUB_TOKEN }}
-              version: v2.4.0
-          - name: Run selected tests with manual web identity/OIDC auth
-            run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-          - name: Configure AWS Credentials for OIDC
-            uses: aws-actions/configure-aws-credentials@v4
-            with:
-              aws-region: ${{ env.AWS_REGION }}
-              role-duration-seconds: 3600
-              role-session-name: aws@githubActions
-              role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
-              unset-current-credentials: true
-          - name: Run selected tests with configure-aws-credentials web identity/OIDC auth
-            run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-      strategy:
-          fail-fast: false
-          matrix:
-              language:
-                  - nodejs
   upstream_lint:
       name: Run upstream provider-lint
       runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -67,7 +67,6 @@ jobs:
       - license_check
       - go_test_shim
       - provider_test
-      - test_oidc
       - upstream_lint
     uses: ./.github/workflows/publish.yml
     secrets: inherit
@@ -253,68 +252,6 @@ jobs:
                   - dotnet
                   - go
                   - java
-  test_oidc:
-      name: test_oidc
-      needs: build_sdk
-      permissions:
-          contents: read
-          id-token: write
-      runs-on: ubuntu-latest
-      steps:
-          - name: Free Disk Space (Ubuntu)
-            uses: jlumbroso/free-disk-space@main
-            with:
-              dotnet: ${{ matrix.language != 'dotnet' }}
-              swap-storage: false
-              tool-cache: false
-          - name: Checkout Repo
-            uses: actions/checkout@v4
-            with:
-              ref: ${{ env.PR_COMMIT_SHA }}
-              submodules: true
-          - uses: pulumi/provider-version-action@v1
-            with:
-              set-env: PROVIDER_VERSION
-          - name: Setup tools
-            uses: ./.github/actions/setup-tools
-            with:
-              tools: pulumictl, pulumi, go, node
-          - name: Prepare local workspace
-            run: make prepare_local_workspace
-          - name: Download bin
-            uses: ./.github/actions/download-bin
-          - name: Download SDK
-            uses: ./.github/actions/download-sdk
-            with:
-              language: ${{ matrix.language }}
-          - name: Restore makefile progress
-            run: make --touch provider schema build_${{ matrix.language }}
-          - name: Update path
-            run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
-          - name: Install dependencies
-            run: make install_${{ matrix.language}}_sdk
-          - name: Install gotestfmt
-            uses: GoTestTools/gotestfmt-action@v2
-            with:
-              token: ${{ secrets.GITHUB_TOKEN }}
-              version: v2.4.0
-          - name: Run selected tests with manual web identity/OIDC auth
-            run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-          - name: Configure AWS Credentials for OIDC
-            uses: aws-actions/configure-aws-credentials@v4
-            with:
-              aws-region: ${{ env.AWS_REGION }}
-              role-duration-seconds: 3600
-              role-session-name: aws@githubActions
-              role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
-              unset-current-credentials: true
-          - name: Run selected tests with configure-aws-credentials web identity/OIDC auth
-            run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-      strategy:
-          fail-fast: false
-          matrix:
-              language:
-                  - nodejs
   upstream_lint:
       name: Run upstream provider-lint
       runs-on: ubuntu-latest
diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml
@@ -96,7 +96,6 @@ jobs:
     - license_check
     - go_test_shim
     - provider_test
-    - test_oidc
     - upstream_lint
     runs-on: ubuntu-latest
     steps:
@@ -308,68 +307,6 @@ jobs:
                   - dotnet
                   - go
                   - java
-  test_oidc:
-      name: test_oidc
-      needs: build_sdk
-      permissions:
-          contents: read
-          id-token: write
-      runs-on: ubuntu-latest
-      steps:
-          - name: Free Disk Space (Ubuntu)
-            uses: jlumbroso/free-disk-space@main
-            with:
-              dotnet: ${{ matrix.language != 'dotnet' }}
-              swap-storage: false
-              tool-cache: false
-          - name: Checkout Repo
-            uses: actions/checkout@v4
-            with:
-              ref: ${{ env.PR_COMMIT_SHA }}
-              submodules: true
-          - uses: pulumi/provider-version-action@v1
-            with:
-              set-env: PROVIDER_VERSION
-          - name: Setup tools
-            uses: ./.github/actions/setup-tools
-            with:
-              tools: pulumictl, pulumi, go, node
-          - name: Prepare local workspace
-            run: make prepare_local_workspace
-          - name: Download bin
-            uses: ./.github/actions/download-bin
-          - name: Download SDK
-            uses: ./.github/actions/download-sdk
-            with:
-              language: ${{ matrix.language }}
-          - name: Restore makefile progress
-            run: make --touch provider schema build_${{ matrix.language }}
-          - name: Update path
-            run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
-          - name: Install dependencies
-            run: make install_${{ matrix.language}}_sdk
-          - name: Install gotestfmt
-            uses: GoTestTools/gotestfmt-action@v2
-            with:
-              token: ${{ secrets.GITHUB_TOKEN }}
-              version: v2.4.0
-          - name: Run selected tests with manual web identity/OIDC auth
-            run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-          - name: Configure AWS Credentials for OIDC
-            uses: aws-actions/configure-aws-credentials@v4
-            with:
-              aws-region: ${{ env.AWS_REGION }}
-              role-duration-seconds: 3600
-              role-session-name: aws@githubActions
-              role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
-              unset-current-credentials: true
-          - name: Run selected tests with configure-aws-credentials web identity/OIDC auth
-            run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-      strategy:
-          fail-fast: false
-          matrix:
-              language:
-                  - nodejs
   upstream_lint:
       name: Run upstream provider-lint
       runs-on: ubuntu-latest
diff --git a/examples/examples_nodejs_test.go b/examples/examples_nodejs_test.go
