Merge pull request #834 from snyk/test/fix-integration-tests

test: replace AWS CLI installation with CircleCI orb

Author: dkontorovskyy

.circleci/config.yml

@@ -38,13 +38,15 @@ jobs:
             image: ubuntu-2004:202010-01
         steps:
             - checkout
+            - setup_node16
             - install_python_requests
             - azure-cli/install
             - run:
                 command: mkdir -p /tmp/logs/test/integration/aks
                 name: Create temp dir for logs
             - run:
                 command: |
+                    npm install &&
                     export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
                     .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:aks:yaml
                 name: Integration tests AKS
@@ -193,11 +195,14 @@ jobs:
             - checkout
             - install_python_requests
             - setup_node16
+            - aws-cli/install:
+                override-installed: true
             - run:
                 command: mkdir -p /tmp/logs/test/integration/eks
                 name: Create temp dir for logs
             - run:
                 command: |
+                    npm install &&
                     export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
                     .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:eks:yaml
                 name: Integration tests EKS
@@ -890,6 +895,7 @@ master_branch_only_filter:
             only:
                 - master
 orbs:
+    aws-cli: circleci/[email protected]
     azure-cli: circleci/[email protected]
     redhat-openshift: circleci/[email protected]
 staging_branch_only_filter:

.circleci/config/jobs/@jobs.yml

@@ -235,12 +235,15 @@ eks_integration_tests:
     - checkout
     - install_python_requests
     - setup_node16
+    - aws-cli/install:
+        override-installed: true
     - run:
         name: Create temp dir for logs
         command: mkdir -p /tmp/logs/test/integration/eks
     - run:
         name: Integration tests EKS
         command: |
+          npm install &&
           export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
           .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:eks:yaml
     - run:
@@ -267,6 +270,7 @@ aks_integration_tests:
     - run:
         name: Integration tests AKS
         command: |
+          npm install &&
           export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
           .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:aks:yaml
     - run:

.circleci/config/orbs/@aws-cli.yml

@@ -0,0 +1 @@
+aws-cli: circleci/[email protected]

test/setup/platforms/eks.ts

@@ -1,6 +1,6 @@
-import { throwIfEnvironmentVariableUnset } from './helpers';
 import * as kubectl from '../../helpers/kubectl';
 import { execWrapper as exec } from '../../helpers/exec';
+import { throwIfEnvironmentVariableUnset } from './helpers';
 
 export async function validateRequiredEnvironment(): Promise<void> {
   console.log(
@@ -14,9 +14,6 @@ export async function validateRequiredEnvironment(): Promise<void> {
 }
 
 export async function setupTester(): Promise<void> {
-  // update the `aws` CLI, the one in CircleCI's default image is outdated and doens't support eks
-  await exec('pip install awscli --ignore-installed six');
-
   // TODO: assert all the vars are present before starting the setup?
   // TODO: wipe out the data during teardown?
   await exec(
@@ -48,24 +45,24 @@ export async function loadImageInCluster(
 ): Promise<string> {
   console.log(`Loading image ${imageNameAndTag} in ECR...`);
 
-  const ecrLogin = await exec(
-    'aws ecr get-login --region us-east-2 --no-include-email',
+  const accountIdResult = await exec(
+    'aws sts get-caller-identity --query Account --output text',
   );
+  const accountId = accountIdResult.stdout.trim();
+  const ecrURL = `${accountId}.dkr.ecr.${process.env.AWS_REGION}.amazonaws.com`;
 
-  // aws ecr get-login returns something that looks like:
-  // docker login -U AWS -p <secret> https://the-address-of-ecr-we-should-use.com
-  // `docker tag` wants just the last part without https://
-  // `docker login` wants everything
+  const ecrLogin = await exec(
+    `aws ecr get-login-password | docker login --username AWS --password-stdin "${ecrURL}"`,
+  );
 
   // validate output so we don't execute malicious stuff
-  if (ecrLogin.stdout.indexOf('docker login -u AWS -p') !== 0) {
-    throw new Error('aws ecr get-login returned an unexpected output');
+  if (!ecrLogin.stdout.includes('Login Succeeded')) {
+    throw new Error('aws ecr get-login-password returned an unexpected output');
   }
 
-  const targetImage = targetImageFromLoginDetails(ecrLogin.stdout);
+  const targetImage = `${ecrURL}/snyk/kubernetes-monitor:local`;
 
   await exec(`docker tag ${imageNameAndTag} ${targetImage}`);
-  await exec(ecrLogin.stdout);
   await exec(`docker push ${targetImage}`);
 
   console.log(`Loaded image ${targetImage} in ECR`);
@@ -78,11 +75,3 @@ export async function clean(): Promise<void> {
     kubectl.deleteNamespace('snyk-monitor'),
   ]);
 }
-
-function targetImageFromLoginDetails(ecrLoginOutput: string): string {
-  const split = ecrLoginOutput.split(' ');
-  const targetImagePrefix = split[split.length - 1]
-    .replace('https://', '')
-    .trim();
-  return `${targetImagePrefix}/snyk/kubernetes-monitor:local`;
-}