gurevichdmitry · gurevichdmitry · Sep 28, 2023 · Sep 28, 2023 · Sep 28, 2023 · Sep 28, 2023
diff --git a/.github/workflows/gcp-ci.yml b/.github/workflows/gcp-ci.yml
@@ -10,7 +10,6 @@ on:
 jobs:
   Run-CSPM-GCP-Tests:
     name: CIS GCP integration test
-    if: false
     runs-on: ubuntu-22.04
     timeout-minutes: 60
     permissions:
@@ -68,7 +67,17 @@ jobs:
           USE_K8S: false
         run: |
           poetry install
-          poetry run pytest -k "cspm_gcp" --alluredir=./allure/results/ --clean-alluredir --maxfail=4
+          sleep 5
+          curl -X PUT "http://localhost:9200/*cloud_security_posture.findings*/_settings" -H "Content-Type: application/json" -d '{
+            "index.mapping.total_fields.limit": 2000
+          }'
+          poetry run pytest -k "cspm_gcp" --alluredir=./allure/results/ --clean-alluredir --maxfail=1
+
+      - name: Setup tmate session
+        uses: mxschmitt/action-tmate@v3
+        if: failure()
+        with:
+          limit-access-to-actor: true
 
       - name: Print cloudbeat logs
         if: always()

diff --git a/.github/workflows/test-environment.yml b/.github/workflows/test-environment.yml
@@ -14,13 +14,16 @@ on:
         required: true
         description: "Stack version: For released/BC version use 8.x.y, for SNAPSHOT use 8.x.y-SNAPSHOT"
         default: "8.10.0"
+        type: string
       ess-region:
         required: true
         description: "Elastic Cloud deployment region"
         default: "gcp-us-west2"
+        type: string
       docker-image-override:
         required: false
         description: "Provide the full Docker image path to override the default image (e.g. for testing BC/SNAPSHOT)"
+        type: string
       run-sanity-tests:
           description: "Run sanity tests after provision"
           default: false
@@ -33,6 +36,45 @@ on:
         type: string
         description: "**Optional** By default, the environment will be created in our Cloud Security Organization. If you want to use your own cloud account, enter your Elastic Cloud API key."
         required: false
+  workflow_call:
+    inputs:
+      deployment_name:
+        description: Name of the deployment to create
+        type: string
+        required: true
+      elk-stack-version:
+        required: true
+        description: "Stack version: For released/BC version use 8.x.y, for SNAPSHOT use 8.x.y-SNAPSHOT"
+        default: "8.10.0"
+        type: string
+      ess-region:
+        required: true
+        description: "Elastic Cloud deployment region"
+        default: "gcp-us-west2"
+        type: string
+      docker-image-override:
+        required: false
+        description: "Provide the full Docker image path to override the default image (e.g. for testing BC/SNAPSHOT)"
+        type: string
+      run-sanity-tests:
+        description: "Run sanity tests after provision"
+        default: false
+        type: boolean
+      cleanup-env:
+        description: "Cleanup resources after provision"
+        default: false
+        type: boolean
+      ec-api-key:
+        type: string
+        description: "**Optional** By default, the environment will be created in our Cloud Security Organization. If you want to use your own cloud account, enter your Elastic Cloud API key."
+        required: false
+    outputs:
+      s3-bucket:
+        description: "Terraform state s3 bucket folder"
+        value: ${{ jobs.Deploy.outputs.deploy-s3-bucket }}
+      cnvm-stack-name:
+        description: "AWS CNVM integration stack name"
+        value: ${{ jobs.Deploy.outputs.aws-cnvm-stack-name }}
 
 env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -52,17 +94,20 @@ jobs:
       run:
         working-directory: ${{ env.WORKING_DIR }}
     env:
-      TF_VAR_stack_version: ${{ github.event.inputs.elk-stack-version }}
-      TF_VAR_ess_region: ${{ github.event.inputs.ess-region }}
-      DEPLOYMENT_NAME: ${{ github.event.inputs.deployment_name }}
+      TF_VAR_stack_version: ${{ inputs.elk-stack-version }}
+      TF_VAR_ess_region: ${{ inputs.ess-region }}
+      DEPLOYMENT_NAME: ${{ inputs.deployment_name }}
       S3_BASE_BUCKET: "s3://tf-state-bucket-test-infra"
-      DOCKER_IMAGE_OVERRIDE: ${{ github.event.inputs.docker-image-override }}
-      STACK_VERSION: ${{ github.event.inputs.elk-stack-version }}
-      CNVM_STACK_NAME: "${{ github.event.inputs.deployment_name }}-cnvm-sanity-test-stack"
+      DOCKER_IMAGE_OVERRIDE: ${{ inputs.docker-image-override }}
+      STACK_VERSION: ${{ inputs.elk-stack-version }}
+      CNVM_STACK_NAME: "${{ inputs.deployment_name }}-cnvm-sanity-test-stack"
     # Add "id-token" with the intended permissions.
     permissions:
       contents: 'read'
       id-token: 'write'
+    outputs:
+      deploy-s3-bucket: ${{ steps.upload-state.outputs.s3-bucket-folder }}
+      aws-cnvm-stack-name: ${{ steps.upload-state.outputs.aws-cnvm-stack }}
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4
@@ -73,7 +118,7 @@ jobs:
 
       - name: Check Deployment Name
         run: |
-          deployment_name="${{ github.event.inputs.deployment_name }}"
+          deployment_name="${{ inputs.deployment_name }}"
 
           # Check length
           if [ ${#deployment_name} -gt 20 ]; then
@@ -88,7 +133,7 @@ jobs:
           fi
 
       - name: Mask Sensitive Data
-        if: github.event.inputs.ec-api-key != ''
+        if: inputs.ec-api-key != ''
         run: |
           ec_api_key=$(jq -r '.inputs["ec-api-key"]' $GITHUB_EVENT_PATH)
           echo "::add-mask::$ec_api_key"
@@ -178,13 +223,16 @@ jobs:
           echo "CSPM_PUBLIC_IP=$CSPM_PUBLIC_IP" >> $GITHUB_ENV
 
       - name: Upload tf state
+        id: upload-state
         if: always()
         env:
           S3_BUCKET: "${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}"
         run: |
           aws s3 cp "./terraform.tfstate" "${{ env.S3_BUCKET }}/terraform.tfstate"
           aws s3 cp "${{ env.EC2_CSPM_KEY }}" "${{ env.S3_BUCKET }}/cspm.pem"
           aws s3 cp "${{ env.EC2_KSPM_KEY }}" "${{ env.S3_BUCKET }}/kspm.pem"
+          echo "s3-bucket-folder=${{ env.S3_BUCKET }}" >> $GITHUB_OUTPUT
+          echo "aws-cnvm-stack=${{ env.CNVM_STACK_NAME }}" >> $GITHUB_OUTPUT
 
       - name: Summary
         if: success()
@@ -296,6 +344,7 @@ jobs:
           aws s3 cp "${{ env.FLEET_API_DIR}}/kspm_d4c.yaml" "${{ env.S3_BUCKET }}/kspm_d4c.yaml"
           aws s3 cp "${{ env.FLEET_API_DIR}}/kspm_eks.yaml" "${{ env.S3_BUCKET }}/kspm_eks.yaml"
           aws s3 cp "${{ env.FLEET_API_DIR}}/cspm-linux.sh" "${{ env.S3_BUCKET }}/cspm-linux.sh"
+          aws s3 cp "${{ env.FLEET_API_DIR}}/state_data.json" "${{ env.S3_BUCKET }}/state_data.json"
 
       - name: Wait for agents to enroll
         id: wait-for-agents
@@ -304,13 +353,13 @@ jobs:
           poetry run python src/agents_enrolled.py
 
       - name: Run Sanity checks
-        if: ${{ success() && github.event.inputs.run-sanity-tests == 'true' }}
+        if: ${{ success() && inputs.run-sanity-tests == true }}
         working-directory: ./tests
         run: |
           poetry install
           poetry run pytest -m "sanity" --alluredir=./allure/results/ --clean-alluredir --maxfail=4
 
       - name: Cleanup Environment
-        if: github.event.inputs.cleanup-env == 'true'
+        if: inputs.cleanup-env == 'true'
         run: |
           just delete-cloud-env ${{ env.DEPLOYMENT_NAME }} '' "false"