aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.66k stars 3.92k forks source link

Test environment reservation service #31938

Open mrgrain opened 1 week ago

mrgrain commented 1 week ago

Overview

Our integ tests need to run in an exclusive environment. Currently we are achieving this roughly by two ways:

However this model doesn't scale well. We should keep the Sandbox account boundary because we won't have that many different sandboxes and setting up accounts as a one-off operation is relatively cheap.

Instead of region designations, we should however have a service that reserves and assigns a an account and region pair to a test case. Some test cases (like cross-account deployments #31934) might reserver multiple pairs. The service can also ensure environments are regularly cleaned up from any accidentally left-over resources.

Implementation / Features

A new service an integration test can request exclusive, pre-configured environments to execute tests in.

rix0rrr commented 1 week ago

Would also be neat if it could keep statistics about wait time, test run time, failure rates etc.

And if we could request accounts with specific setups, like 2 accts with cross account trust, or manually prepared certificates.

rix0rrr commented 1 week ago

I would like the service to direct the client as much as possible. So it will also hand out Role ARNs to assume, and other parameters that are necessary for the client to work properly. Ideally clients only need to follow instructions, and operate on as few assumptions of the target environments as possible

mrgrain commented 1 week ago

And if we could request accounts with specific setups, like 2 accts with cross account trust, or manually prepared certificates.

I would like the service to direct the client as much as possible. So it will also hand out Role ARNs to assume, and other parameters that are necessary for the client to work properly. Ideally clients only need to follow instructions, and operate on as few assumptions of the target environments as possible

Yes, but. We also need to provision for testing of bootstrapping. But I agree that for non-bootrapping test cases, pre-bootstrapped environments would be desirable.

rix0rrr commented 1 week ago

Sure. Maybe then we just ask for 2 accounts and do the --trust bootstrapping as part of the test, that works too. It's probably better!

Requests for the other hand-provisioned crap still stands though 😉

iliapolo commented 3 hours ago

It would great if this service could also be used in local development. This will make writing and developing complex tests easier, which means we will do more of them.

Perhaps we can create a dedicated pool for local dev usage.

iliapolo commented 3 hours ago

Maybe then we just ask for 2 accounts and do the --trust bootstrapping as part of the test, that works too. It's probably better!

Yes, I like that better.