Initial workflow testing.

.github/workflows/python-ecs-e2e-canary-test.yml

@@ -4,10 +4,10 @@
 ## Operator and our sample app and remote service onto a native K8s cluster, call the
 ## APIs, and validate the generated telemetry, including logs, metrics, and traces.
 ## It will then clean up the cluster and EC2 instance it runs on for the next test run.
-name: Application Signals Enablement - Python ECS E2E Canary Testing
+name: ZZH Application Signals Enablement - Python ECS E2E Canary Testing
 on:
-  schedule:
-    - cron: '*/15 * * * *' # run the workflow every 15 minutes
+#  schedule:
+#    - cron: '*/15 * * * *' # run the workflow every 15 minutes
   workflow_dispatch: # be able to run the workflow on demand
 
 permissions:

.github/workflows/python-ecs-e2e-test.yml

@@ -38,6 +38,9 @@ env:
   METRIC_NAMESPACE: ApplicationSignals
   LOG_GROUP_NAME: /aws/application-signals/data
   TEST_RESOURCES_FOLDER: ${GITHUB_WORKSPACE}
+  ACCOUNT_ID: '007003802740'
+  E2E_TEST_ACCOUNT_ID: ${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}
+  E2E_TEST_ROLE_NAME: ${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }}
 
 jobs:
   python-ecs:
@@ -77,7 +80,7 @@ jobs:
         uses: aws-actions/aws-secretsmanager-get-secrets@v1
         with:
           secret-ids: |
-            ACCOUNT_ID, region-account/${{ env.E2E_TEST_AWS_REGION }}
+#            ACCOUNT_ID, region-account/${{ env.E2E_TEST_AWS_REGION }}
             PYTHON_MAIN_SAMPLE_APP_IMAGE, e2e-test/python-main-sample-app-image
             PYTHON_REMOTE_SAMPLE_APP_IMAGE, e2e-test/python-remote-sample-app-image
 
@@ -189,62 +192,62 @@ jobs:
           max_retry: 3
           sleep_time: 60
 
-      # Validation for app signals telemetry data
-      - name: Call endpoint and validate generated EMF logs
-        id: log-validation
-        if: steps.deploy-sample-app.outcome == 'success' && !cancelled()
-        run: ./gradlew validator:run --args='-c python/ecs/log-validation.yml
-          --testing-id ${{ env.TESTING_ID }}
-          --region ${{ env.E2E_TEST_AWS_REGION }}
-          --account-id ${{ env.ACCOUNT_ID }}
-          --metric-namespace ${{ env.METRIC_NAMESPACE }}
-          --log-group ${{ env.LOG_GROUP_NAME }}
-          --platform-info ${{ env.CLUSTER_NAME }}
-          --service-name ${{env.SAMPLE_APP_NAME }}
-          --rollup'
-
-      - name: Call endpoints and validate generated metrics
-        id: metric-validation
-        if: (steps.deploy-sample-app.outcome == 'success' || steps.log-validation.outcome == 'failure') && !cancelled()
-        run: ./gradlew validator:run --args='-c python/ecs/metric-validation.yml
-          --testing-id ${{ env.TESTING_ID }}
-          --region ${{ env.E2E_TEST_AWS_REGION }}
-          --account-id ${{ env.ACCOUNT_ID }}
-          --metric-namespace ${{ env.METRIC_NAMESPACE }}
-          --log-group ${{ env.LOG_GROUP_NAME }}
-          --platform-info ${{ env.CLUSTER_NAME }}
-          --service-name ${{env.SAMPLE_APP_NAME }}
-          --rollup'
-
-      - name: Call endpoints and validate generated traces
-        id: trace-validation
-        if: (steps.deploy-sample-app.outcome == 'success' || steps.log-validation.outcome == 'failure' || steps.metric-validation.outcome == 'failure') && !cancelled()
-        run: ./gradlew validator:run --args='-c python/ecs/trace-validation.yml
-          --testing-id ${{ env.TESTING_ID }}
-          --region ${{ env.E2E_TEST_AWS_REGION }}
-          --account-id ${{ env.ACCOUNT_ID }}
-          --metric-namespace ${{ env.METRIC_NAMESPACE }}
-          --log-group ${{ env.LOG_GROUP_NAME }}
-          --platform-info ${{ env.CLUSTER_NAME }}
-          --service-name ${{env.SAMPLE_APP_NAME }}
-          --rollup'
-
-      - name: Publish metric on test result
-        if: always()
-        run: |
-          if [ "${{ steps.log-validation.outcome }}" = "success" ] && [ "${{ steps.metric-validation.outcome }}" = "success" ] && [ "${{ steps.trace-validation.outcome }}" = "success" ]; then
-            aws cloudwatch put-metric-data --namespace 'ADOT/GitHubActions' \
-            --metric-name Failure \
-            --dimensions repository=${{ github.repository }},branch=${{ github.ref_name }},workflow=${{ env.CALLER_WORKFLOW_NAME }} \
-            --value 0.0 \
-            --region ${{ env.E2E_TEST_AWS_REGION }}
-          else
-            aws cloudwatch put-metric-data --namespace 'ADOT/GitHubActions' \
-            --metric-name Failure \
-            --dimensions repository=${{ github.repository }},branch=${{ github.ref_name }},workflow=${{ env.CALLER_WORKFLOW_NAME }} \
-            --value 1.0 \
-            --region ${{ env.E2E_TEST_AWS_REGION }}
-          fi
+#      # Validation for app signals telemetry data
+#      - name: Call endpoint and validate generated EMF logs
+#        id: log-validation
+#        if: steps.deploy-sample-app.outcome == 'success' && !cancelled()
+#        run: ./gradlew validator:run --args='-c python/ecs/log-validation.yml
+#          --testing-id ${{ env.TESTING_ID }}
+#          --region ${{ env.E2E_TEST_AWS_REGION }}
+#          --account-id ${{ env.ACCOUNT_ID }}
+#          --metric-namespace ${{ env.METRIC_NAMESPACE }}
+#          --log-group ${{ env.LOG_GROUP_NAME }}
+#          --platform-info ${{ env.CLUSTER_NAME }}
+#          --service-name ${{env.SAMPLE_APP_NAME }}
+#          --rollup'
+#
+#      - name: Call endpoints and validate generated metrics
+#        id: metric-validation
+#        if: (steps.deploy-sample-app.outcome == 'success' || steps.log-validation.outcome == 'failure') && !cancelled()
+#        run: ./gradlew validator:run --args='-c python/ecs/metric-validation.yml
+#          --testing-id ${{ env.TESTING_ID }}
+#          --region ${{ env.E2E_TEST_AWS_REGION }}
+#          --account-id ${{ env.ACCOUNT_ID }}
+#          --metric-namespace ${{ env.METRIC_NAMESPACE }}
+#          --log-group ${{ env.LOG_GROUP_NAME }}
+#          --platform-info ${{ env.CLUSTER_NAME }}
+#          --service-name ${{env.SAMPLE_APP_NAME }}
+#          --rollup'
+#
+#      - name: Call endpoints and validate generated traces
+#        id: trace-validation
+#        if: (steps.deploy-sample-app.outcome == 'success' || steps.log-validation.outcome == 'failure' || steps.metric-validation.outcome == 'failure') && !cancelled()
+#        run: ./gradlew validator:run --args='-c python/ecs/trace-validation.yml
+#          --testing-id ${{ env.TESTING_ID }}
+#          --region ${{ env.E2E_TEST_AWS_REGION }}
+#          --account-id ${{ env.ACCOUNT_ID }}
+#          --metric-namespace ${{ env.METRIC_NAMESPACE }}
+#          --log-group ${{ env.LOG_GROUP_NAME }}
+#          --platform-info ${{ env.CLUSTER_NAME }}
+#          --service-name ${{env.SAMPLE_APP_NAME }}
+#          --rollup'
+#
+#      - name: Publish metric on test result
+#        if: always()
+#        run: |
+#          if [ "${{ steps.log-validation.outcome }}" = "success" ] && [ "${{ steps.metric-validation.outcome }}" = "success" ] && [ "${{ steps.trace-validation.outcome }}" = "success" ]; then
+#            aws cloudwatch put-metric-data --namespace 'ADOT/GitHubActions' \
+#            --metric-name Failure \
+#            --dimensions repository=${{ github.repository }},branch=${{ github.ref_name }},workflow=${{ env.CALLER_WORKFLOW_NAME }} \
+#            --value 0.0 \
+#            --region ${{ env.E2E_TEST_AWS_REGION }}
+#          else
+#            aws cloudwatch put-metric-data --namespace 'ADOT/GitHubActions' \
+#            --metric-name Failure \
+#            --dimensions repository=${{ github.repository }},branch=${{ github.ref_name }},workflow=${{ env.CALLER_WORKFLOW_NAME }} \
+#            --value 1.0 \
+#            --region ${{ env.E2E_TEST_AWS_REGION }}
+#          fi
 
       # Clean up Procedures
 

policys.txt

@@ -0,0 +1,52 @@
+githubProviderRole
+{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Effect": "Allow",
+			"Principal": {
+				"Federated": "arn:aws:iam::654654176582:oidc-provider/token.actions.githubusercontent.com"
+			},
+			"Action": "sts:AssumeRoleWithWebIdentity",
+			"Condition": {
+				"StringLike": {
+					"token.actions.githubusercontent.com:sub": [
+						"repo:aws-observability/aws-application-signals-test-framework:ref:refs/heads/*",
+						"repo:aws-observability/aws-otel-python-instrumentation:ref:refs/heads/*",
+						"repo:aws-observability/aws-otel-dotnet-instrumentation:ref:refs/heads/*",
+						"repo:aws-observability/aws-otel-js-instrumentation:ref:refs/heads/*",
+						"repo:aws-observability/aws-otel-java-instrumentation:ref:refs/heads/*",
+						"repo:aws-observability/aws-otel-community:ref:refs/heads/*"
+					]
+				}
+			}
+		},
+		{
+			"Effect": "Allow",
+			"Principal": {
+				"AWS": "arn:aws:iam::654654176582:root"
+			},
+			"Action": "sts:AssumeRole"
+		}
+	]
+}
+
+
+MAIN_SAMPLE_APP_IMAGE_URI = 654654176582.dkr.ecr.us-east-1.amazonaws.com/appsignals-python-django-main-service
+REMOTE_SAMPLE_APP_IMAGE_URI = 654654176582.dkr.ecr.us-east-1.amazonaws.com/appsignals-python-django-remote-service
+
+
+Task Role: ecsE2ETestRole
+AmazonEC2ContainerServiceRole
+AmazonS3FullAccess
+AmazonSSMReadOnlyAccess
+AWSXrayWriteOnlyAccess
+AWSXRayDaemonWriteAccess
+CloudWatchAgentServerPolicy
+ECSDataDog
+ECSFargateAllowExecuteCommand
+
+Task Execution Role: ecsE2ETestExecutionRole
+AmazonECSTaskExecutionRolePolicy
+AmazonSSMReadOnlyAccess
+CloudWatchAgentServerPolicy