-
Notifications
You must be signed in to change notification settings - Fork 0
250 lines (204 loc) · 9.26 KB
/
ssm-test.yml
File metadata and controls
250 lines (204 loc) · 9.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
name: ssm-test
on:
push:
branches:
- master
pull_request:
branches:
- master
workflow_dispatch:
jobs:
ssm-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust
run: rustup toolchain install stable
- uses: Swatinem/rust-cache@v2
- name: Build and start Rustack
id: rustack
run: |
cargo build --release -p rustack-cli
GATEWAY_LISTEN=0.0.0.0:4566 \
LOG_LEVEL=warn \
cargo run --release -p rustack-cli &
for i in $(seq 1 30); do
if curl -sf http://127.0.0.1:4566/_localstack/health > /dev/null 2>&1; then
echo "Server is ready"
break
fi
if [ "$i" -eq 30 ]; then
echo "::error::Server did not start within 30s"
exit 1
fi
sleep 1
done
echo "endpoint=http://localhost:4566" >> "$GITHUB_OUTPUT"
echo "AWS_ENDPOINT_URL=http://localhost:4566" >> "$GITHUB_ENV"
echo "AWS_DEFAULT_REGION=us-east-1" >> "$GITHUB_ENV"
echo "AWS_ACCESS_KEY_ID=test" >> "$GITHUB_ENV"
echo "AWS_SECRET_ACCESS_KEY=test" >> "$GITHUB_ENV"
# ── PutParameter + GetParameter ─────────────────────────────────
- name: "PutParameter + GetParameter: basic CRUD"
run: |
set -euo pipefail
# Put a String parameter
VERSION=$(aws ssm put-parameter \
--name "/test/ci/host" \
--value "localhost" \
--type String \
--query "Version" --output text)
[ "$VERSION" = "1" ]
# Get it back
VALUE=$(aws ssm get-parameter \
--name "/test/ci/host" \
--query "Parameter.Value" --output text)
[ "$VALUE" = "localhost" ]
# Overwrite
VERSION2=$(aws ssm put-parameter \
--name "/test/ci/host" \
--value "127.0.0.1" \
--type String \
--overwrite \
--query "Version" --output text)
[ "$VERSION2" = "2" ]
# Put without overwrite should fail
! aws ssm put-parameter \
--name "/test/ci/host" \
--value "fail" \
--type String 2>/dev/null
# ── SecureString + StringList ───────────────────────────────────
- name: "Parameter Types: SecureString and StringList"
run: |
set -euo pipefail
aws ssm put-parameter \
--name "/test/ci/secret" \
--value "my-secret-value" \
--type SecureString
aws ssm put-parameter \
--name "/test/ci/list" \
--value "a,b,c" \
--type StringList
TYPE=$(aws ssm get-parameter \
--name "/test/ci/secret" \
--query "Parameter.Type" --output text)
[ "$TYPE" = "SecureString" ]
VALUE=$(aws ssm get-parameter \
--name "/test/ci/list" \
--query "Parameter.Value" --output text)
[ "$VALUE" = "a,b,c" ]
# ── GetParameters (batch) ───────────────────────────────────────
- name: "GetParameters: batch get with valid and invalid names"
run: |
set -euo pipefail
RESULT=$(aws ssm get-parameters \
--names "/test/ci/host" "/test/ci/secret" "/test/ci/nonexistent")
VALID=$(echo "$RESULT" | jq '.Parameters | length')
INVALID=$(echo "$RESULT" | jq '.InvalidParameters | length')
[ "$VALID" = "2" ]
[ "$INVALID" = "1" ]
# ── GetParametersByPath ─────────────────────────────────────────
- name: "GetParametersByPath: non-recursive and recursive"
run: |
set -euo pipefail
aws ssm put-parameter --name "/test/ci/db/host" --value "db.local" --type String
aws ssm put-parameter --name "/test/ci/db/port" --value "5432" --type String
aws ssm put-parameter --name "/test/ci/db/creds/user" --value "admin" --type String
# Non-recursive: only direct children of /test/ci/db
COUNT=$(aws ssm get-parameters-by-path \
--path "/test/ci/db" \
--query "Parameters | length(@)" --output text)
[ "$COUNT" = "2" ]
# Recursive: all descendants
COUNT=$(aws ssm get-parameters-by-path \
--path "/test/ci/db" \
--recursive \
--query "Parameters | length(@)" --output text)
[ "$COUNT" = "3" ]
# ── DeleteParameter + DeleteParameters ──────────────────────────
- name: "Delete: single and batch delete"
run: |
set -euo pipefail
aws ssm put-parameter --name "/test/ci/del1" --value "v1" --type String
aws ssm put-parameter --name "/test/ci/del2" --value "v2" --type String
aws ssm delete-parameter --name "/test/ci/del1"
! aws ssm get-parameter --name "/test/ci/del1" 2>/dev/null
RESULT=$(aws ssm delete-parameters --names "/test/ci/del2" "/test/ci/nonexistent")
DELETED=$(echo "$RESULT" | jq '.DeletedParameters | length')
INVALID=$(echo "$RESULT" | jq '.InvalidParameters | length')
[ "$DELETED" = "1" ]
[ "$INVALID" = "1" ]
# ── DescribeParameters ──────────────────────────────────────────
- name: "DescribeParameters: list and filter"
run: |
set -euo pipefail
RESULT=$(aws ssm describe-parameters \
--parameter-filters "Key=Name,Option=BeginsWith,Values=/test/ci/db")
COUNT=$(echo "$RESULT" | jq '.Parameters | length')
[ "$COUNT" -ge 2 ]
# ── GetParameterHistory ─────────────────────────────────────────
- name: "GetParameterHistory: version history"
run: |
set -euo pipefail
# /test/ci/host has 2 versions from earlier steps
RESULT=$(aws ssm get-parameter-history --name "/test/ci/host")
COUNT=$(echo "$RESULT" | jq '.Parameters | length')
[ "$COUNT" = "2" ]
# ── Tags ────────────────────────────────────────────────────────
- name: "Tags: add, list, remove"
run: |
set -euo pipefail
aws ssm add-tags-to-resource \
--resource-type "Parameter" \
--resource-id "/test/ci/host" \
--tags "Key=env,Value=ci" "Key=team,Value=infra"
TAG_COUNT=$(aws ssm list-tags-for-resource \
--resource-type "Parameter" \
--resource-id "/test/ci/host" \
--query "TagList | length(@)" --output text)
[ "$TAG_COUNT" = "2" ]
aws ssm remove-tags-from-resource \
--resource-type "Parameter" \
--resource-id "/test/ci/host" \
--tag-keys "team"
TAG_COUNT=$(aws ssm list-tags-for-resource \
--resource-type "Parameter" \
--resource-id "/test/ci/host" \
--query "TagList | length(@)" --output text)
[ "$TAG_COUNT" = "1" ]
# ── Labels ──────────────────────────────────────────────────────
- name: "Labels: label, get by label selector, unlabel"
run: |
set -euo pipefail
# Label version 1 of /test/ci/host
aws ssm label-parameter-version \
--name "/test/ci/host" \
--parameter-version 1 \
--labels "release"
# Get by label selector
VALUE=$(aws ssm get-parameter \
--name "/test/ci/host:release" \
--query "Parameter.Value" --output text)
[ "$VALUE" = "localhost" ]
# Get by version selector
VALUE=$(aws ssm get-parameter \
--name "/test/ci/host:1" \
--query "Parameter.Value" --output text)
[ "$VALUE" = "localhost" ]
# Unlabel
aws ssm unlabel-parameter-version \
--name "/test/ci/host" \
--parameter-version 1 \
--labels "release"
# Label should no longer resolve
! aws ssm get-parameter --name "/test/ci/host:release" 2>/dev/null
# ── Cleanup ─────────────────────────────────────────────────────
- name: "Cleanup"
if: always()
run: |
set -uo pipefail
for PARAM in /test/ci/host /test/ci/secret /test/ci/list \
/test/ci/db/host /test/ci/db/port /test/ci/db/creds/user; do
aws ssm delete-parameter --name "$PARAM" 2>/dev/null || true
done
echo "Cleanup complete."