Integration Test Workflow (#246)

* Adding integration testing workflow and terraform files

* Added workflow to execute on pull request only

* modified tfvars file name

* Added resource_prefix var, os name

* Applied constant var directly

* Added -var parameter to fetch github run_id env variable

* remove resource_prefix logic and solve secret repo access issue

* test checking out from secret repo

* test pulling secret repo

* fixing destroying resources

* added debug logic to fix plugins permissions issue

* debug logic to check plugins dir location

* removed download artifact step

* debug logic

* debug permission issue

* debug permission issue - 2

* debug permission issue

* debug permission issue

* debug destroy resources

* fix: destroy resources

* remove unnecessary steps

* fix: end to end workflow

* Added resource_prefix var

* Added env variable to set resource_prefix

* removed constant vars from tfvars and used env variable to populate values

* modified names

* fix: eb url

* minor changes

* minor changes

* Added sse encryption to s3 and eb updated config

* Added public access setting to bucket, sse encrpytion and fix eb issue

* eb issue: try

* Added integ test runner repo

* Added repo for sample app, test runner

* minor change

* execute workflow on push too

* Added secret PAT to test workflow

* Added validator module

* Added gradle execution command

* minor change

* minor change: added branch

* Added aws creds

* fixed issue

* minor cleanups

* modified testing module and webapp module

* Added logic to create unique names in case of re running same workflow

* added sample-apps dir

* fixed syntax issue

* added path in upload and download actions

* Added license file

* workflow executes on push

Author: bhautikpip

.github/workflows/IntegrationTesting.yaml

@@ -0,0 +1,171 @@
+name: Integration Testing
+on: push
+
+jobs:
+  build_SDK:
+    name: Build X-Ray Python SDK
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Pull in source code from aws-xray-sdk-python Github repository
+        uses: actions/checkout@v2
+
+      - name: Setup python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.8'
+
+      - name: Build X-Ray Python SDK
+        run: python setup.py sdist
+
+      - name: Upload SDK build artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: sdk-build-artifact
+          path: .
+
+  build_WebApp:
+    name: Build Web Application
+    needs: build_SDK
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.8'
+
+      - name: Download X-Ray SDK build artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: sdk-build-artifact
+          path: ./sample-apps/flask
+
+      - name: Build WebApp with X-Ray Python SDK
+        run: pip3 install . -t .
+        working-directory: ./sample-apps/flask
+
+      - name: Zip up the deployment package
+        run: zip -r deploy.zip . -x '*.git*'
+        working-directory: ./sample-apps/flask
+
+      - name: Upload WebApp with X-Ray SDK build artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: sdk-flask-build-artifact
+          path: ./sample-apps/flask/deploy.zip
+
+  deploy_WebApp:
+    name: Deploy Web Application
+    needs: build_WebApp
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout X-Ray SDK to get terraform source
+        uses: actions/checkout@v2
+
+      - name: Download WebApp with X-Ray SDK build artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: sdk-flask-build-artifact
+
+      - name: Copy deployment package to terraform directory
+        run: cp deploy.zip ./terraform
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+
+      - name: Terraform Init
+        run: terraform init
+        working-directory: ./terraform
+
+      - name: Terraform Validate
+        run: terraform validate -no-color
+        working-directory: ./terraform
+
+      - name: Terraform Plan
+        run: terraform plan -var-file="fixtures.us-west-2.tfvars" -no-color
+        env:
+          TF_VAR_resource_prefix: '${{ github.run_id }}-${{ github.run_number }}'
+        continue-on-error: true
+        working-directory: ./terraform
+
+      - name: Terraform Apply
+        run: terraform apply -var-file="fixtures.us-west-2.tfvars" -auto-approve
+        env:
+          TF_VAR_resource_prefix: '${{ github.run_id }}-${{ github.run_number }}'
+        working-directory: ./terraform
+
+      - name: Upload terraform state files for destorying resources
+        uses: actions/upload-artifact@v2
+        with:
+          name: terraform-state-artifact
+          path: ./terraform
+
+  test_WebApp:
+    name: Test WebApp
+    needs: deploy_WebApp
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/setup-java@v1
+        with:
+          java-version: 14
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: Checkout test framework
+        uses: actions/checkout@v2
+        with:
+          repository: aws-observability/aws-otel-test-framework
+          ref: terraform
+
+      - name: Run testing suite
+        run: ./gradlew :validator:run --args='-c default-xray-trace-validation.yml --endpoint http://${{ github.run_id }}-${{ github.run_number }}-eb-app-env.us-west-2.elasticbeanstalk.com'
+
+  cleanup:
+    name: Resource tear down
+    needs: test_WebApp
+    if: true
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Download terraform state artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: terraform-state-artifact
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: set permissions to terraform plugins
+        run: chmod -R a+x .terraform/plugins/registry.terraform.io/hashicorp/aws/3.5.0/linux_amd64/*
+
+      - name: Destroy resources
+        run: terraform destroy -state="terraform.tfstate" -var-file="fixtures.us-west-2.tfvars" -auto-approve
+        env:
+          TF_VAR_resource_prefix: '${{ github.run_id }}-${{ github.run_number }}'

sample-apps/LICENSE

@@ -0,0 +1,14 @@
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this
+software and associated documentation files (the "Software"), to deal in the Software
+without restriction, including without limitation the rights to use, copy, modify,
+merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

sample-apps/flask/Dockerfile

@@ -0,0 +1,9 @@
+FROM python:3.6
+
+WORKDIR /app
+
+COPY . ./
+
+RUN pip install -r requirements.txt
+
+CMD ["python", "application.py"]

sample-apps/flask/application.py

@@ -0,0 +1,67 @@
+import boto3
+from flask import Flask
+from aws_xray_sdk.core import xray_recorder, patch_all
+from aws_xray_sdk.ext.flask.middleware import XRayMiddleware
+from aws_xray_sdk.ext.flask_sqlalchemy.query import XRayFlaskSqlAlchemy
+import requests
+import os
+
+application = app = Flask(__name__)
+application.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+application.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///db.sqlite3"
+
+xray_recorder.configure(service='My Flask Web Application')
+XRayMiddleware(app, xray_recorder)
+patch_all()
+
+db = XRayFlaskSqlAlchemy(app=application)
+
+
+class User(db.Model):
+    __tablename__ = 'users'
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(255), nullable=False, unique=True)
+
+
+# test http instrumentation
+@app.route('/outgoing-http-call')
+def callHTTP():
+    requests.get("https://aws.amazon.com")
+    return "Ok! tracing outgoing http call"
+
+
+# test aws sdk instrumentation
+@app.route('/aws-sdk-call')
+def callAWSSDK():
+    client = boto3.client('s3')
+    client.list_buckets()
+
+    return 'Ok! tracing aws sdk call'
+
+
+# test flask-sql alchemy instrumentation
+@app.route('/flask-sql-alchemy-call')
+def callSQL():
+    name = 'sql-alchemy-model'
+    user = User(name=name)
+    db.create_all()
+    db.session.add(user)
+
+    return 'Ok! tracing sql call'
+
+
+@app.route('/')
+def default():
+    return "healthcheck"
+
+
+if __name__ == "__main__":
+    address = os.environ.get('LISTEN_ADDRESS')
+
+    if address is None:
+        host = '127.0.0.1'
+        port = '5000'
+    else:
+        host, port = address.split(":")
+    app.run(host=host, port=int(port), debug=True)

sample-apps/flask/requirements.txt

@@ -0,0 +1,14 @@
+boto3
+certifi==2020.4.5.1
+chardet==3.0.4
+click==7.1.2
+Flask==1.1.2
+idna==2.9
+itsdangerous==1.1.0
+Jinja2==2.11.2
+MarkupSafe==1.1.1
+requests==2.23.0
+urllib3==1.25.9
+Werkzeug==1.0.1
+flask-sqlalchemy==2.4.3
+aws_xray_sdk==2.6.0

terraform/eb.tf

@@ -0,0 +1,74 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.5.0"
+    }
+  }
+}
+
+provider "aws" {
+  profile = "default"
+  region  = var.region
+}
+
+resource "aws_s3_bucket_public_access_block" "bucket_access" {
+  bucket = aws_s3_bucket.eb_app_bucket.id
+
+  restrict_public_buckets   = true
+}
+
+resource "aws_s3_bucket" "eb_app_bucket" {
+  bucket = "${var.resource_prefix}.eb.app.applicationversion"
+
+  versioning {
+    enabled = true
+  }
+
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm     = "AES256"
+      }
+    }
+  }
+}
+
+resource "aws_s3_bucket_object" "eb_app_package" {
+  bucket = aws_s3_bucket.eb_app_bucket.id
+  key    = var.bucket_key
+  source = var.source_path
+}
+
+resource "aws_elastic_beanstalk_application" "eb_app" {
+  name        = "${var.resource_prefix}-EB-App"
+  description = "Deployment of EB App for integration testing"
+}
+
+resource "aws_elastic_beanstalk_application_version" "eb_app_version" {
+  name        = "${var.resource_prefix}-EB-App-1"
+  application = aws_elastic_beanstalk_application.eb_app.name
+  bucket      = aws_s3_bucket.eb_app_bucket.id
+  key         = aws_s3_bucket_object.eb_app_package.id
+}
+
+resource "aws_elastic_beanstalk_environment" "eb_env" {
+  name                = "${var.resource_prefix}-EB-App-Env"
+  application         = aws_elastic_beanstalk_application.eb_app.name
+  solution_stack_name = "64bit Amazon Linux 2 v3.1.1 running Python 3.7"
+  tier = "WebServer"
+  version_label = aws_elastic_beanstalk_application_version.eb_app_version.name
+  cname_prefix = "${var.resource_prefix}-Eb-app-env"
+
+  setting {
+    namespace = "aws:autoscaling:launchconfiguration"
+    name = "IamInstanceProfile"
+    value = "aws-elasticbeanstalk-ec2-role"
+  }
+
+  setting {
+    namespace = "aws:elasticbeanstalk:xray"
+    name = "XRayEnabled"
+    value = "true"
+  }
+}

terraform/fixtures.us-west-2.tfvars

@@ -0,0 +1,5 @@
+region = "us-west-2"
+
+bucket_key = "beanstalk/deploy.zip"
+
+source_path = "deploy.zip"

terraform/variables.tf

@@ -0,0 +1,17 @@
+variable "region" {
+  type        = string
+  description = "AWS region for deployment of resources"
+}
+
+variable "bucket_key" {
+  type        = string
+  description = "AWS s3 object key"
+}
+
+variable "source_path" {
+  type        = string
+  description = "local source zip path to upload on AWS s3 bucket"
+}
+
+variable "resource_prefix" {}
+