-
-
Notifications
You must be signed in to change notification settings - Fork 359
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ACM Support #466
Add ACM Support #466
Conversation
First PR, so feedback is welcome. I wasn't sure how to add tests here, it looks like you create resources in your test accounts then delete them - did you want to wire up a test domain here for the validation for certificates, or I can refactor the code that discovers the certificates to allow for us to mock the ACM API response via an interface, passing in ListCertificatesOutput that we create. |
I opted to mock the ACM API via the httptest package, passing the URL to the session struct that is then passed into the Cloud Nuke ACM functions. I figured if you wanted to wire in a certification and domain validation then it could be tested behind a flag as certs can be slow to provision and validate. I also didn't have permission to set up any certifications or domain validation, so did what I could here. Please let me know what you think. |
@robpickerill This is looking great, thanks for putting this together. I think the approach you took to testing makes sense given the limitations, we will likely set something up on our internal testing accounts eventually. I think the only thing missing is adding a new line to Once that's fixed I'll kick of the tests and get this merged in! |
Thanks @ellisonc - let me patch up the config tests shortly then you can run it through CI |
Tests failed due to: TooManyRequestsException: Too Many Requests in the APIGateway test suite. I can push an empty git commit to restart the test job if you want that. Edit: still the same so I dropped the commit to keep history clean, I'll look into the session creation later, maybe we can increase the exponential backoff on the retryer. |
aws/apigateway_test.go
Outdated
// The defaultretryer is overridden here as the default values for MinRetryDelay and MinThrottleDelay | ||
// are too low for the API Gateway API. | ||
// https://pkg.go.dev/github.com/aws/[email protected]/aws/client#DefaultRetryer | ||
Retryer: client.DefaultRetryer{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure if you'd want this here, but offering the ability to increase the min retry on the session as a way to get over the rate limit exceptions on the API Gateway createrestapi in the tests.
If useful it would be better as a generic test function, that all tests can reference.
Also happy to back this out if you don't want to adjust the session config.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for bringing this up. Can you create a new issue to introduce retry logic similar to this? I think it would be better to revert this change for this PR, as it's irrelevant to ACM support.
@ellisonc - if you have any free time, would you have another look over this PR. The apigateway tests failed due to throttling, I added a change to try to accomodate it, but I'm not sure if you want to modify the session. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Left one small nit comment. Will trigger the test pipeline for this.
aws/apigateway_test.go
Outdated
// The defaultretryer is overridden here as the default values for MinRetryDelay and MinThrottleDelay | ||
// are too low for the API Gateway API. | ||
// https://pkg.go.dev/github.com/aws/[email protected]/aws/client#DefaultRetryer | ||
Retryer: client.DefaultRetryer{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for bringing this up. Can you create a new issue to introduce retry logic similar to this? I think it would be better to revert this change for this PR, as it's irrelevant to ACM support.
aws/acm_types.go
Outdated
return "acm" | ||
} | ||
|
||
// ResourceIdentifiers - The volume ids of the ebs volumes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is the resource identifiers referring to ebs volumes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks, fixed that comment
… createrestapi call" This reverts commit 81428c5.
Thanks @robpickerill! I've kicked off tests for this one. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Test pipeline passed. LGTM
Thanks for the contribution @robpickerill ! |
Description
Fixes #445.
Adds support for nuking AWS Certificate Manager Certificates.
TODOs
Read the Gruntwork contribution guidelines.
nuke_sandbox
andnuke_phxdevops
jobs in.circleci/config.yml
have been updated with appropriate exclusions (either directly in the job or via the.circleci/nuke_config.yml
file) to prevent nuking IAM roles, groups, resources, etc that are important for the test accounts.Release Notes (draft)
Added ACM support
Migration Guide