Merge branch 'main' into aws-concurrency-beyond-batch
yaron2 authored Nov 20, 2024
2 parents 7827b51 + f521a76 commit 6832088
Showing 63 changed files with 3,254 additions and 830 deletions.
20 changes: 19 additions & 1 deletion .build-tools/builtin-authentication-profiles.yaml
@@ -29,7 +29,25 @@ aws:
type: string
- title: "AWS: Credentials from Environment Variables"
description: Use AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the environment

- title: "AWS: IAM Roles Anywhere"
description: Use X.509 certificates to establish trust between AWS and your AWS account and the Dapr cluster using AWS IAM Roles Anywhere.
metadata:
- name: trustAnchorArn
description: |
ARN of the AWS Trust Anchor in the AWS account granting trust to the Dapr Certificate Authority.
example: arn:aws:rolesanywhere:us-west-1:012345678910:trust-anchor/01234568-0123-0123-0123-012345678901
required: true
- name: trustProfileArn
description: |
ARN of the AWS IAM Profile in the trusting AWS account.
example: arn:aws:rolesanywhere:us-west-1:012345678910:profile/01234568-0123-0123-0123-012345678901
required: true
- name: assumeRoleArn
description: |
ARN of the AWS IAM role to assume in the trusting AWS account.
example: arn:aws:iam:012345678910:role/exampleIAMRoleName
required: true

azuread:
- title: "Azure AD: Managed identity"
description: Authenticate using Azure AD and a managed identity.
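Review bot: The `assumeRoleArn` example, `arn:aws:iam:012345678910:role/exampleIAMRoleName`, is not a well-formed IAM ARN: IAM ARNs carry an empty region field, so the line should read `example: arn:aws:iam::012345678910:role/exampleIAMRoleName`. Anyone using the example as a template ends up with a malformed role ARN. The `trustProfileArn` description also says "AWS IAM Profile" while its example is a `rolesanywhere` profile ARN; `ARN of the AWS IAM Roles Anywhere profile in the trusting AWS account.` would match the example.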
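--- a/.github/infrastructure/docker-compose-secrets-manager.yml
+++ b/.github/infrastructure/docker-compose-secrets-manager.yml
@@ -0,0 +1,15 @@
+version: "3.8"
+
+services:
+localstack:
+container_name: "conformance-aws-secrets-manager"
+image: localstack/localstack
+ports:
+- "127.0.0.1:4566:4566"
+environment:
+- DEBUG=1
+- DOCKER_HOST=unix:///var/run/docker.sock
+volumes:
+- "${PWD}/.github/scripts/docker-compose-init/init-conformance-state-aws-secrets-manager.sh:/etc/localstack/init/ready.d/init-aws.sh" # ready hook
+- "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack"
+- "/var/run/docker.sock:/var/run/docker.sock"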
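Review bot: `image: localstack/localstack` has no tag or digest, so every CI run pulls whatever the registry currently serves and the conformance result is not reproducible; pin it, e.g. `image: localstack/localstack:<PINNED_VERSION>` or an `@sha256:` digest. The service also mounts `/var/run/docker.sock` and sets `DOCKER_HOST`, which gives the container control over the runner's Docker daemon. The ready hook only creates two Secrets Manager secrets, so the socket is probably not needed here; if that is confirmed, drop the mount and the `DOCKER_HOST` entry, otherwise add a comment saying which LocalStack feature requires it.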
@@ -0,0 +1,54 @@
terraform {
required_version = ">=0.13"

required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
}
}
}

variable "TIMESTAMP" {
type = string
description = "Timestamp of the GitHub workflow run."
}

variable "UNIQUE_ID" {
type = string
description = "Unique ID of the GitHub workflow run."
}

provider "aws" {
region = "us-east-1"
default_tags {
tags = {
Purpose = "AutomatedConformanceTesting"
Timestamp = "${var.TIMESTAMP}"
}
}
}

# Create the first secret in AWS Secrets Manager
resource "aws_secretsmanager_secret" "conftestsecret" {
name = "conftestsecret"
description = "Secret for conformance test"
recovery_window_in_days = 0
}

resource "aws_secretsmanager_secret_version" "conftestsecret_value" {
secret_id = aws_secretsmanager_secret.conftestsecret.id
secret_string = "abcd"
}

# Create the second secret in AWS Secrets Manager
resource "aws_secretsmanager_secret" "secondsecret" {
name = "secondsecret"
description = "Another secret for conformance test"
recovery_window_in_days = 0
}

resource "aws_secretsmanager_secret_version" "secondsecret_value" {
secret_id = aws_secretsmanager_secret.secondsecret.id
secret_string = "efgh"
}
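Review bot: `UNIQUE_ID` is declared but never referenced, and both secrets use fixed names (`conftestsecret`, `secondsecret`), so two workflow runs against the same AWS account at the same time would likely fail on create with a name conflict. If the conformance test can read the names from configuration, suffixing them, e.g. `name = "conftestsecret-${var.UNIQUE_ID}"`, isolates the runs; otherwise remove the unused variable and serialize the job. A comment on `recovery_window_in_days = 0` such as `# delete immediately so the fixed name can be reused by the next run` would explain why the recovery window is disabled.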
@@ -0,0 +1,9 @@
#!/bin/sh

set +e

# Navigate to the Terraform directory
cd ".github/infrastructure/terraform/conformance/secretstores/aws/secretsmanager"

# Run Terraform
terraform destroy -auto-approve -var="UNIQUE_ID=$UNIQUE_ID" -var="TIMESTAMP=$CURRENT_TIME"
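Review bot: With `set +e` in effect the `cd` is unchecked, so if the Terraform directory is missing, `terraform destroy -auto-approve` still runs in whatever directory the script was started from. Guarding the one step that must succeed, `cd ".github/infrastructure/terraform/conformance/secretstores/aws/secretsmanager" || exit 1`, keeps the destroy itself best-effort. A comment next to `set +e`, for example `# teardown is best-effort; do not fail the job on destroy errors`, would make that intent explicit.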
@@ -0,0 +1,15 @@
#!/bin/sh

set -e

# Set variables for GitHub Actions
echo "AWS_REGION=us-east-1" >> $GITHUB_ENV

# Navigate to the Terraform directory
cd ".github/infrastructure/terraform/conformance/secretstores/aws/secretsmanager"

# Run Terraform
terraform init
terraform validate -no-color
terraform plan -no-color -var="UNIQUE_ID=$UNIQUE_ID" -var="TIMESTAMP=$CURRENT_TIME"
terraform apply -auto-approve -var="UNIQUE_ID=$UNIQUE_ID" -var="TIMESTAMP=$CURRENT_TIME"
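Review bot: `$GITHUB_ENV` is expanded unquoted in `echo "AWS_REGION=us-east-1" >> $GITHUB_ENV`, so a runner path containing spaces or glob characters would break the redirect; write `>> "$GITHUB_ENV"`. The plan printed to the log is also not the one that gets applied, because `terraform apply -auto-approve` plans again. Saving it with `terraform plan -no-color -out=tfplan ...` and running `terraform apply tfplan` applies exactly what was shown.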
2 changes: 2 additions & 0 deletions .github/scripts/dapr_bot.js
@@ -7,6 +7,7 @@ const owners = [
'berndverst',
'daixiang0',
'DeepanshuA',
'elena-kolevska',
'halspang',
'ItalyPaleAle',
'jjcollinge',
@@ -20,6 +21,7 @@ const owners = [
'RyanLettieri',
'shivamkm07',
'shubham1172',
'sicoyle',
'skyao',
'Taction',
'tmacam',
@@ -0,0 +1,9 @@
#!/bin/bash

awslocal secretsmanager create-secret \
--name conftestsecret \
--secret-string "abcd"

awslocal secretsmanager create-secret \
--name secondsecret \
--secret-string "efgh"
11 changes: 11 additions & 0 deletions .github/scripts/test-info.mjs
@@ -492,6 +492,17 @@ const components = {
conformance: true,
certification: true,
},
'secretstores.aws.secretsmanager.terraform': {
conformance: true,
requireAWSCredentials: true,
requireTerraform: true,
conformanceSetup: 'conformance-secretstores.aws.secretsmanager.secretsmanager-setup.sh',
conformanceDestroy: 'conformance-secretstores.aws.secretsmanager.secretsmanager-destroy.sh',
},
'secretstores.aws.secretsmanager.docker': {
conformance: true,
conformanceSetup: 'docker-compose.sh secrets-manager',
},
'state.aws.dynamodb': {
certification: true,
requireAWSCredentials: true,
38 changes: 20 additions & 18 deletions bindings/aws/dynamodb/dynamodb.go
@@ -31,9 +31,9 @@ import (

// DynamoDB allows performing stateful operations on AWS DynamoDB.
type DynamoDB struct {
client *dynamodb.DynamoDB
table string
logger logger.Logger
authProvider awsAuth.Provider
table string
logger logger.Logger
}

type dynamoDBMetadata struct {
@@ -51,18 +51,27 @@ func NewDynamoDB(logger logger.Logger) bindings.OutputBinding {
}

// Init performs connection parsing for DynamoDB.
func (d *DynamoDB) Init(_ context.Context, metadata bindings.Metadata) error {
func (d *DynamoDB) Init(ctx context.Context, metadata bindings.Metadata) error {
meta, err := d.getDynamoDBMetadata(metadata)
if err != nil {
return err
}

client, err := d.getClient(meta)
opts := awsAuth.Options{
Logger: d.logger,
Properties: metadata.Properties,
Region: meta.Region,
Endpoint: meta.Endpoint,
AccessKey: meta.AccessKey,
SecretKey: meta.SecretKey,
SessionToken: meta.SessionToken,
}

provider, err := awsAuth.NewProvider(ctx, opts, awsAuth.GetConfig(opts))
if err != nil {
return err
}

d.client = client
d.authProvider = provider
d.table = meta.Table

return nil
@@ -84,7 +93,7 @@ func (d *DynamoDB) Invoke(ctx context.Context, req *bindings.InvokeRequest) (*bi
return nil, err
}

_, err = d.client.PutItemWithContext(ctx, &dynamodb.PutItemInput{
_, err = d.authProvider.DynamoDB().DynamoDB.PutItemWithContext(ctx, &dynamodb.PutItemInput{
Item: item,
TableName: aws.String(d.table),
})
@@ -105,16 +114,6 @@ func (d *DynamoDB) getDynamoDBMetadata(spec bindings.Metadata) (*dynamoDBMetadat
return &meta, nil
}

func (d *DynamoDB) getClient(metadata *dynamoDBMetadata) (*dynamodb.DynamoDB, error) {
sess, err := awsAuth.GetClient(metadata.AccessKey, metadata.SecretKey, metadata.SessionToken, metadata.Region, metadata.Endpoint)
if err != nil {
return nil, err
}
c := dynamodb.New(sess)

return c, nil
}

// GetComponentMetadata returns the metadata of the component.
func (d *DynamoDB) GetComponentMetadata() (metadataInfo metadata.MetadataMap) {
metadataStruct := dynamoDBMetadata{}
@@ -123,5 +122,8 @@ func (d *DynamoDB) GetComponentMetadata() (metadataInfo metadata.MetadataMap) {
}

func (d *DynamoDB) Close() error {
if d.authProvider != nil {
return d.authProvider.Close()
}
return nil
}
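Review bot: Invoke dereferences `d.authProvider.DynamoDB().DynamoDB` without the nil guard that the new Close() applies to `d.authProvider`, so a call made before Init has succeeded (Init leaves the field unset when `awsAuth.NewProvider` fails) would panic instead of returning an error. A guard at the top of Invoke such as `if d.authProvider == nil { return nil, errors.New("dynamodb binding is not initialized") }` keeps the two methods consistent. Separately, Init now passes the static `AccessKey`/`SecretKey`/`SessionToken` and the whole `metadata.Properties` map to `awsAuth.NewProvider` together with the logger. The provider is not visible on this page, so it is worth confirming that it never logs the options or properties. Init and Invoke both continue outside the hunks shown.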