test(e2e): federation IaC formats end-to-end test script#88
Conversation
scripts/e2e-federation-test.sh exercises every supported federation format × cloud provider combination end-to-end: - AWS cross-account: CLI, Terraform, CloudFormation - Azure WIF: CLI, Terraform, Bicep, ARM - GCP WIF: CLI, Terraform Each cycle: download bundle → deploy → auto-register → approve → /test → cleanup. Designed to catch federation regressions that the unit test suite cannot — the credential resolution, bundle generation, and cross-account /test path all live in distinct code paths that only converge at deploy time. All credentials and tokens come from env vars (CUDLY_TOKEN, CUDLY_CSRF) or AWS Secrets Manager at runtime. Defaults like CUDLY_HOST_PROFILE / CUDLY_LAMBDA_NAME / CUDLY_ADMIN_EMAIL are env-overridable for non-default deployments. No secrets in the checked-in script. Filterable via --provider / --format flags, with --no-cleanup to inspect deployed state on failure. Not wired into CI yet — runs against a deployed dev stack and needs three live cloud accounts. Useful for manual pre-merge verification of federation changes (PRs #67, #74, etc.) and as the basis for a future eventual nightly job once a sandbox target is provisioned.
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 51 minutes and 3 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
|
Closing — keeping the e2e federation test script local for now. The 846-line script still lives in the main worktree at |
cristim
added
triaged
1 participant
Summary
Adds
scripts/e2e-federation-test.sh— an end-to-end test that exercises every supported federation format × cloud provider combination against a deployed CUDly stack:Each cycle: download bundle → deploy → auto-register → approve →
/test→ cleanup. Catches federation regressions that unit tests can't, since the credential resolution, bundle generation, and/testpath only converge at deploy time.Why now
Recent federation work (#67 fail-loud guards, #74 Logic App KV migration, the Azure target-source consistency thread) modified the bundle generation and the
/testpath multiple times. Manual smoke testing across the full format matrix takes ~30 min; this script reduces that to one command.Safety
CUDLY_TOKEN,CUDLY_CSRF) or AWS Secrets Manager at runtime.CUDLY_HOST_PROFILE,CUDLY_LAMBDA_NAME,CUDLY_ADMIN_EMAIL,GCP_PROJECT) are env-overridable for non-default deployments.--no-cleanupflag preserves deployed state on failure for inspection.Out of scope
Test plan
bash -n scripts/e2e-federation-test.shexits 0grep -E "AKIA|aws_secret|client_secret|password" scripts/e2e-federation-test.shreturns only env-var references and AWS-Secrets-Manager fetcheschmod +xalready set