Merge branch 'elastic:main' into fix-gcp-period

elastic · Jun 27, 2024 · 70d9a34 · 70d9a34
2 parents ebef908 + c2b2983
commit 70d9a34
Show file tree

Hide file tree

Showing 9 changed files with 156 additions and 615 deletions.
diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command
@@ -6,7 +6,6 @@ source .buildkite/env-scripts/util.sh
 
 # Secrets must be redacted
 # https://buildkite.com/docs/pipelines/managing-log-output#redacted-environment-variables
-AWS_SERVICE_ACCOUNT_SECRET_PATH="kv/ci-shared/platform-ingest/aws_account_auth"
 PRIVATE_CI_GCS_CREDENTIALS_PATH="kv/ci-shared/platform-ingest/gcp-platform-ingest-ci-service-account"
 DOCKER_REGISTRY_SECRET_PATH="kv/ci-shared/platform-ingest/docker_registry_prod"
 GITHUB_TOKEN_VAULT_PATH="kv/ci-shared/platform-ingest/github_token"
@@ -75,15 +74,6 @@ for slug in "${ENABLED_BEATS_PIPELINES_SLUGS[@]}"; do
   fi
 done
 
-if [[ "$BUILDKITE_PIPELINE_SLUG" == *"xpack-metricbeat"* || "$BUILDKITE_PIPELINE_SLUG" == "beats-xpack-filebeat" ]]; then
-  if [[ "$BUILDKITE_STEP_KEY" == *"extended-cloud-test"* ]]; then
-    BEATS_AWS_SECRET_KEY=$(retry_with_count 5 vault kv get -field secret_key ${AWS_SERVICE_ACCOUNT_SECRET_PATH})
-    export BEATS_AWS_SECRET_KEY
-    BEATS_AWS_ACCESS_KEY=$(retry_with_count 5 vault kv get -field access_key ${AWS_SERVICE_ACCOUNT_SECRET_PATH})
-    export BEATS_AWS_ACCESS_KEY
-  fi
-fi
-
 if [[ "$BUILDKITE_PIPELINE_SLUG" == "beats-xpack-packetbeat" ]]; then
   if [[ "$BUILDKITE_STEP_KEY" == "extended-win-10-system-tests" || "$BUILDKITE_STEP_KEY" == "mandatory-win-2022-system-tests" ]]; then
     PRIVATE_CI_GCS_CREDENTIALS_SECRET=$(retry_with_count 5 vault kv get -field plaintext -format=json ${PRIVATE_CI_GCS_CREDENTIALS_PATH})

diff --git a/.buildkite/pull-requests.json b/.buildkite/pull-requests.json
@@ -15,22 +15,6 @@
             "skip_target_branches": [ ],
             "skip_ci_on_only_changed": [ ],
             "always_require_ci_on_changed": [ ]
-        },
-        {
-            "enabled": true,
-            "pipelineSlug": "beats-xpack-elastic-agent",
-            "allow_org_users": true,
-            "allowed_repo_permissions": ["admin", "write"],
-            "allowed_list": ["dependabot[bot]", "mergify[bot]", "github-actions[bot]"],
-            "set_commit_status": true,
-            "build_on_commit": true,
-            "build_on_comment": true,
-            "trigger_comment_regex": "^/test elastic-agent$",
-            "always_trigger_comment_regex": "^/test elastic-agent$",
-            "skip_ci_labels": [  ],
-            "skip_target_branches": [ ],
-            "skip_ci_on_only_changed": ["^x-pack/elastic-agent/README.md", "^x-pack/elastic-agent/docs/.*", "^x-pack/elastic-agent/devtools/.*" ],
-            "always_require_ci_on_changed": ["^x-pack/elastic-agent/.*", ".buildkite/x-pack/elastic-agent/.*", "^go.mod", "^pytest.ini", "^dev-tools/.*", "^libbeat/.*", "^testing/.*"]
-        }
+        }        
     ]
 }
diff --git a/.buildkite/scripts/initCloudEnv.sh b/.buildkite/scripts/initCloudEnv.sh
@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+REPO_DIR=$(pwd)
+AWS_SERVICE_ACCOUNT_SECRET_PATH="kv/ci-shared/platform-ingest/aws_account_auth"
+
+exportAwsSecrets() {
+  local awsSecretKey
+  local awsAccessKey
+
+  awsSecretKey=$(retry -t 5 -- vault kv get -field secret_key ${AWS_SERVICE_ACCOUNT_SECRET_PATH})
+  awsAccessKey=$(retry -t 5 -- vault kv get -field access_key ${AWS_SERVICE_ACCOUNT_SECRET_PATH})
+
+  echo "~~~ Exporting AWS secrets"
+  export AWS_ACCESS_KEY_ID=$awsAccessKey
+  export AWS_SECRET_ACCESS_KEY=$awsSecretKey
+
+  # AWS_REGION is not set here, since AWS region is taken from beat corresponding *.tf file:
+  # - x-pack/metricbeat/module/aws/terraform.tf
+  # - x-pack/filebeat/input/awscloudwatch/_meta/terraform/variables.tf
+}
+
+terraformApply() {
+  echo "Exporting Terraform Env Vars"
+  TF_VAR_BRANCH=$(echo "${BUILDKITE_BRANCH}" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9-]/-/g')
+  TF_VAR_CREATED_DATE=$(date +%s)
+  export TF_VAR_BUILD_ID="${BUILDKITE_BUILD_ID}"
+  export TF_VAR_ENVIRONMENT="ci"
+  export TF_VAR_REPO="beats"
+  export TF_VAR_BRANCH
+  export TF_VAR_CREATED_DATE
+
+  echo "Terraform Init on $MODULE_DIR"
+  terraform -chdir="$MODULE_DIR" init
+
+  echo "Terraform Apply on $MODULE_DIR"
+  terraform -chdir="$MODULE_DIR" apply -auto-approve
+}
+
+terraformDestroy() {
+  echo "~~~ Terraform Destroy"
+  cd $REPO_DIR
+  find "$MODULE_DIR" -name terraform.tfstate -print0 | while IFS= read -r -d '' tfstate; do
+    cd "$(dirname "$tfstate")"
+    buildkite-agent artifact upload "**/terraform.tfstate"
+    buildkite-agent artifact upload "**/.terraform/**"
+    buildkite-agent artifact upload "outputs*.yml"
+    if ! terraform destroy -auto-approve; then
+      return 1
+    fi
+    cd -
+  done
+  return 0
+}
+
+dockerUp() {
+  echo "~~~ Run docker-compose services for emulated cloud env"
+  docker-compose -f .buildkite/deploy/docker/docker-compose.yml up -d
+}
+
+dockerTeardown() {
+  echo "~~~ Docker Compose Teardown"
+  docker-compose -f .buildkite/deploy/docker/docker-compose.yml down -v
+}
+
+terraformSetup() {
+  max_retries=2
+  timeout=5
+  retries=0
+
+  while true; do
+    echo "~~~ Setting up Terraform"
+    out=$(terraformApply 2>&1)
+    exit_code=$?
+
+    echo "$out"
+
+    if [ $exit_code -eq 0 ]; then
+      break
+    else
+      retries=$((retries + 1))
+
+      if [ $retries -gt $max_retries ]; then
+        teardown
+        echo "+++ Terraform init & apply failed: $out"
+        exit 1
+      fi
+
+      teardown
+
+      sleep_time=$((timeout * retries))
+      echo "~~~~ Retry #$retries failed. Retrying after ${sleep_time}s..."
+      sleep $sleep_time
+    fi
+  done
+}
+
+teardown() {
+  terraformDestroy
+  dockerTeardown
+}
+
+trap 'teardown' EXIT
+
+exportAwsSecrets
+dockerUp
+terraformSetup
diff --git a/.buildkite/scripts/setup_cloud_env.sh b/.buildkite/scripts/setup_cloud_env.sh
diff --git a/.buildkite/x-pack/pipeline.xpack.filebeat.yml b/.buildkite/x-pack/pipeline.xpack.filebeat.yml
@@ -45,7 +45,7 @@ steps:
         notify:
           - github_commit_status:
               context: "x-pack-filebeat: check/update"
-      
+
   - wait: ~
     # with PRs, we want to run mandatory tests only if check/update step succeed
     # for other cases, e.g. merge commits, we want to run mundatory test (and publish) independently of other tests
@@ -285,53 +285,23 @@ steps:
           - github_commit_status:
               context: "x-pack/filebeat: macOS arm64 Unit Tests"
 
-      - label: ":ubuntu: x-pack/filebeat Cloud (MODULE) Tests"
+      - label: ":ubuntu: x-pack/filebeat AWS Tests"
         key: "x-pack-filebeat-extended-cloud-test"
+        skip: "skipping as it was on Jenkins: elastic/ingest-dev#3467"
+        # Related issue: https://github.com/elastic/ingest-dev/issues/3467
         if: build.env("GITHUB_PR_LABELS") =~ /.*aws.*/
         command: |
           set -euo pipefail
-          # defines the MODULE env var based on what's changed in a PR
-          source .buildkite/scripts/changesets.sh
-          defineModuleFromTheChangeSet x-pack/filebeat
-          echo "~~~ Running tests"
-          source .buildkite/scripts/setup_cloud_env.sh
-          cd x-pack/filebeat
-          mage build test
-        env:
-          ASDF_TERRAFORM_VERSION: 1.0.2
-          AWS_REGION: "eu-central-1"
-          MODULE_DIR: "x-pack/filebeat/input/awss3/_meta/terraform"
-          REPO: beats
-        agents:
-          provider: "gcp"
-          image: "${IMAGE_UBUNTU_X86_64}"
-          machineType: "${GCP_DEFAULT_MACHINE_TYPE}"
-        artifact_paths:
-          - "x-pack/filebeat/build/*.xml"
-          - "x-pack/filebeat/build/*.json"
-        notify:
-          - github_commit_status:
-              context: "x-pack/filebeat: Cloud (MODULE) Tests"
-
-      - label: ":ubuntu: x-pack/filebeat Cloud AWS (MODULE) Tests"
-        key: "x-pack-filebeat-extended-cloud-test-aws"
-        skip: "Skipping due to elastic/beats#36425"
-        # https://github.com/elastic/beats/issues/36425
-        if: build.env("BUILDKITE_PULL_REQUEST") == "false"  || build.env("GITHUB_PR_LABELS") =~ /.*aws.*/
-        command: |
-          set -euo pipefail
-          # defines the MODULE env var based on what's changed in a PR
-          source .buildkite/scripts/changesets.sh
-          defineModuleFromTheChangeSet x-pack/filebeat
+          source .buildkite/scripts/initCloudEnv.sh
           echo "~~~ Running tests"
-          source .buildkite/scripts/setup_cloud_env.sh
           cd x-pack/filebeat
           mage build test goIntegTest
         env:
           ASDF_TERRAFORM_VERSION: 1.0.2
-          AWS_REGION: "eu-central-1"
           MODULE_DIR: "x-pack/filebeat/input/awss3/_meta/terraform"
-          REPO: beats
+          MODULE: "aws"
+          #  TEST_TAGS should be reviewed and updated: https://github.com/elastic/ingest-dev/issues/3476
+          TEST_TAGS: "aws"
         agents:
           provider: "aws"
           imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}"
@@ -341,7 +311,7 @@ steps:
           - "x-pack/filebeat/build/*.json"
         notify:
           - github_commit_status:
-              context: "x-pack/filebeat: Cloud AWS (MODULE) Tests"
+              context: "x-pack/filebeat: AWS Tests"
 
   - wait: ~
     # with PRs, we want to run packaging only if mandatory tests succeed