migrate E2E test runs to new AWS account (#8676)

hashicorp · Aug 18, 2020 · d8ac3f9 · d8ac3f9
1 parent a153515
commit d8ac3f9
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 73 deletions.
diff --git a/e2e/framework/provisioning/deploy.go b/e2e/framework/provisioning/deploy.go
@@ -41,7 +41,7 @@ func deployLinux(t *testing.T, target *ProvisioningTarget) error {
 		if deployment.RemoteBinaryPath == "" {
 			return fmt.Errorf("remote binary path not set")
 		}
-		s3_url := fmt.Sprintf("s3://nomad-team-test-binary/builds-oss/nomad_%s_%s.tar.gz",
+		s3_url := fmt.Sprintf("s3://nomad-team-dev-test-binaries/builds-oss/nomad_%s_%s.tar.gz",
 			deployment.Platform, deployment.NomadSha,
 		)
 		remoteDir := filepath.Dir(deployment.RemoteBinaryPath)
@@ -119,7 +119,7 @@ func deployWindows(t *testing.T, target *ProvisioningTarget) error {
 			return fmt.Errorf("remote binary path not set")
 		}
 		script := fmt.Sprintf(`
-			Read-S3Object -BucketName nomad-team-test-binary -Key "builds-oss/nomad_windows_amd64_%s.zip" -File ./nomad.zip
+			Read-S3Object -BucketName nomad-team-dev-test-binaries -Key "builds-oss/nomad_windows_amd64_%s.zip" -File ./nomad.zip
 			Expand-Archive ./nomad.zip ./ -Force
 			Remove-Item %s  -ErrorAction Ignore
 			Move-Item -Path .\pkg\windows_amd64\nomad.exe -Destination %s -Force`,

diff --git a/e2e/terraform/compute.tf b/e2e/terraform/compute.tf
@@ -4,6 +4,7 @@ resource "aws_instance" "server" {
   key_name               = module.keys.key_name
   vpc_security_group_ids = [aws_security_group.primary.id]
   count                  = var.server_count
+  iam_instance_profile   = data.aws_iam_instance_profile.nomad_e2e_cluster.name
   availability_zone      = var.availability_zone
 
   # Instance tags
@@ -13,8 +14,6 @@ resource "aws_instance" "server" {
     SHA            = var.nomad_sha
     User           = data.aws_caller_identity.current.arn
   }
-
-  iam_instance_profile = aws_iam_instance_profile.instance_profile.name
 }
 
 resource "aws_instance" "client_linux" {
@@ -24,6 +23,7 @@ resource "aws_instance" "client_linux" {
   vpc_security_group_ids = [aws_security_group.primary.id]
   count                  = var.client_count
   depends_on             = [aws_instance.server]
+  iam_instance_profile   = data.aws_iam_instance_profile.nomad_e2e_cluster.name
   availability_zone      = var.availability_zone
 
   # Instance tags
@@ -40,8 +40,6 @@ resource "aws_instance" "client_linux" {
     volume_size           = "50"
     delete_on_termination = "true"
   }
-
-  iam_instance_profile = aws_iam_instance_profile.instance_profile.name
 }
 
 resource "aws_instance" "client_windows" {
@@ -51,7 +49,7 @@ resource "aws_instance" "client_windows" {
   vpc_security_group_ids = [aws_security_group.primary.id]
   count                  = var.windows_client_count
   depends_on             = [aws_instance.server]
-  iam_instance_profile   = aws_iam_instance_profile.instance_profile.name
+  iam_instance_profile   = data.aws_iam_instance_profile.nomad_e2e_cluster.name
   availability_zone      = var.availability_zone
 
   # Instance tags

diff --git a/e2e/terraform/iam.tf b/e2e/terraform/iam.tf
@@ -1,67 +1,4 @@
-resource "aws_iam_instance_profile" "instance_profile" {
-  name_prefix = local.random_name
-  role        = aws_iam_role.instance_role.name
-}
-
-resource "aws_iam_role" "instance_role" {
-  name_prefix        = local.random_name
-  assume_role_policy = data.aws_iam_policy_document.instance_role.json
-}
-
-data "aws_iam_policy_document" "instance_role" {
-  statement {
-    effect  = "Allow"
-    actions = ["sts:AssumeRole"]
-
-    principals {
-      type        = "Service"
-      identifiers = ["ec2.amazonaws.com"]
-    }
-  }
-}
-
-resource "aws_iam_role_policy" "auto_discover_cluster" {
-  name   = "auto-discover-cluster"
-  role   = aws_iam_role.instance_role.id
-  policy = data.aws_iam_policy_document.auto_discover_cluster.json
-}
-
-# Note: Overloading this instance profile to access
-# test binaries, should be renamed.
-data "aws_iam_policy_document" "auto_discover_cluster" {
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "ec2:DescribeInstances",
-      "ec2:DescribeTags",
-      "autoscaling:DescribeAutoScalingGroups",
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "ec2:DescribeInstances",
-      "ec2:DescribeTags",
-      "ec2:DescribeVolume*",
-      "ec2:AttachVolume",
-      "ec2:DetachVolume",
-      "autoscaling:DescribeAutoScalingGroups",
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "s3:PutObject",
-      "s3:GetObject",
-      "s3:DeleteObject",
-    ]
-    resources = ["arn:aws:s3:::nomad-team-test-binary/*"]
-  }
+# note: the creation of this instance profile is in a HashiCorp private repo
+data "aws_iam_instance_profile" "nomad_e2e_cluster" {
+  name = "nomad_e2e_cluster"
 }
diff --git a/e2e/terraform/main.tf b/e2e/terraform/main.tf
@@ -43,8 +43,29 @@ variable "nomad_sha" {
   default     = ""
 }
 
+variable "aws_assume_role_arn" {
+  description = "The AWS IAM role to assume (not used by human users)"
+  default     = ""
+}
+
+variable "aws_assume_role_session_name" {
+  description = "The AWS IAM session name to assume (not used by human users)"
+  default     = ""
+}
+
+variable "aws_assume_role_external_id" {
+  description = "The AWS IAM external ID to assume (not used by human users)"
+  default     = ""
+}
+
 provider "aws" {
   region = var.region
+
+  assume_role {
+    role_arn     = var.aws_assume_role_arn
+    session_name = var.aws_assume_role_session_name
+    external_id  = var.aws_assume_role_external_id
+  }
 }
 
 resource "random_pet" "e2e" {