Switch to using a role for CI (#348)

* switch to using a role for integrated tests

* separate python

* setup permision&test against CI_PubSub_Role

* test against iot account

* update host

* test host

* use a ci job role for test

* update role permission

* update tests to use host argument

* quick run discovery test

* quick test for gg discovery

* migrate gg discovery test

* more comments

---------

Co-authored-by: Vera Xia <[email protected]>

Author: sbSteveK

.github/workflows/ci.yml

@@ -8,8 +8,8 @@ on:
 
 env:
   RUN: ${{ github.run_id }}-${{ github.run_number }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_DEFAULT_REGION: us-east-1
+  CI_SDK_V1_ROLE: arn:aws:iam::180635532705:role/CI_SDK_V1_ROLE
   PACKAGE_NAME: aws-iot-device-sdk-python
   AWS_EC2_METADATA_DISABLED: true
 
@@ -33,6 +33,9 @@ jobs:
 
   integration-tests:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read # This is required for actions/checkout
     strategy:
       fail-fast: false
       matrix:
@@ -43,6 +46,10 @@ jobs:
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
+      - uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ env.CI_SDK_V1_ROLE }}
+          aws-region: ${{ env.AWS_DEFAULT_REGION }}
       - name: Integration tests
         run: |
           pip install pytest

.github/workflows/handle-stale-discussions.yml

@@ -1,18 +1,19 @@
 name: HandleStaleDiscussions
 on:
-schedule:
-- cron: '0 */4 * * *'
-discussion_comment:
-types: [created]
+  schedule:
+    - cron: '0 */4 * * *'
+  discussion_comment:
+    types: [created]
 
 jobs:
-handle-stale-discussions:
-name: Handle stale discussions
-runs-on: ubuntu-latest
-permissions:
-  discussions: write
-steps:
-  - name: Stale discussions action
-    uses: aws-github-ops/handle-stale-discussions@v1
-    env:
-      GITHUB_TOKEN:  ${{secrets.GITHUB_TOKEN}}
+  handle-stale-discussions:
+    name: Handle stale discussions
+    runs-on: ubuntu-latest
+    permissions:
+      discussions: write
+    steps:
+      - name: Stale discussions action
+        uses: aws-github-ops/handle-stale-discussions@v1
+        env:
+          GITHUB_TOKEN:  ${{secrets.GITHUB_TOKEN}}
+          

test-integration/IntegrationTests/IntegrationTestAsyncAPIGeneralNotificationCallbacks.py

@@ -32,7 +32,6 @@
 TOPIC = "topic/test/async_cb/"
 MESSAGE_PREFIX = "MagicMessage-"
 NUMBER_OF_PUBLISHES = 3
-HOST = "ajje7lpljulm4-ats.iot.us-east-1.amazonaws.com"
 ROOT_CA = "./test-integration/Credentials/rootCA.crt"
 CERT = "./test-integration/Credentials/certificate.pem.crt"
 KEY = "./test-integration/Credentials/privateKey.pem.key"
@@ -102,9 +101,10 @@ def get_random_string(length):
 ############################################################################
 # Main #
 # Check inputs
-my_check_in_manager = checkInManager(1)
+my_check_in_manager = checkInManager(2)
 my_check_in_manager.verify(sys.argv)
 mode = my_check_in_manager.mode
+host = my_check_in_manager.host
 
 skip_when_match(ModeIsALPN(mode).And(
     Python2VersionLowerThan((2, 7, 10)).Or(Python3VersionLowerThan((3, 5, 0)))
@@ -115,7 +115,7 @@ def get_random_string(length):
 print("Connecting...")
 callback_manager = CallbackManager()
 sdk_mqtt_client = MQTTClientManager()\
-    .create_nonconnected_mqtt_client(mode, CLIENT_ID, HOST, (ROOT_CA, CERT, KEY), callback_manager)
+    .create_nonconnected_mqtt_client(mode, CLIENT_ID, host, (ROOT_CA, CERT, KEY), callback_manager)
 sdk_mqtt_client.connectAsync(keepAliveIntervalSecond=1, ackCallback=callback_manager.connack)  # Add callback
 print("Wait some time to make sure we are connected...")
 time.sleep(10)  # 10 sec

test-integration/IntegrationTests/IntegrationTestAutoReconnectResubscribe.py

@@ -135,14 +135,14 @@ def threadBRuntime(self, pyCoreClient, callback):
 ############################################################################
 # Main #
 # Check inputs
-myCheckInManager = checkInManager.checkInManager(1)
+myCheckInManager = checkInManager.checkInManager(2)
 myCheckInManager.verify(sys.argv)
 
-host = "ajje7lpljulm4-ats.iot.us-east-1.amazonaws.com"
 rootCA = "./test-integration/Credentials/rootCA.crt"
 certificate = "./test-integration/Credentials/certificate.pem.crt"
 privateKey = "./test-integration/Credentials/privateKey.pem.key"
 mode = myCheckInManager.mode
+host = myCheckInManager.host
 
 skip_when_match(ModeIsALPN(mode).And(
     Python2VersionLowerThan((2, 7, 10)).Or(Python3VersionLowerThan((3, 5, 0)))

test-integration/IntegrationTests/IntegrationTestClientReusability.py

@@ -40,7 +40,6 @@
 NUMBER_OF_MESSAGES_PER_LOOP = 3
 NUMBER_OF_LOOPS = 3
 SUB_WAIT_TIME_OUT_SEC = 20
-HOST = "ajje7lpljulm4-ats.iot.us-east-1.amazonaws.com"
 ROOT_CA = "./test-integration/Credentials/rootCA.crt"
 CERT = "./test-integration/Credentials/certificate.pem.crt"
 KEY = "./test-integration/Credentials/privateKey.pem.key"
@@ -94,19 +93,20 @@ def verify(self):
 
 ############################################################################
 # Main #
-my_check_in_manager = checkInManager(1)
+my_check_in_manager = checkInManager(2)
 my_check_in_manager.verify(sys.argv)
 mode = my_check_in_manager.mode
+host = my_check_in_manager.host
 
 skip_when_match(ModeIsALPN(mode).And(
     Python2VersionLowerThan((2, 7, 10)).Or(Python3VersionLowerThan((3, 5, 0)))
 ), "This test is not applicable for mode %s and Python verison %s. Skipping..." % (mode, sys.version_info[:3]))
 
 simple_thread_manager = simpleThreadManager()
 
-client_pub = MQTTClientManager().create_nonconnected_mqtt_client(mode, CLIENT_ID_PUB, HOST, (ROOT_CA, CERT, KEY))
+client_pub = MQTTClientManager().create_nonconnected_mqtt_client(mode, CLIENT_ID_PUB, host, (ROOT_CA, CERT, KEY))
 print("Client publisher initialized.")
-client_sub = MQTTClientManager().create_nonconnected_mqtt_client(mode, CLIENT_ID_SUB, HOST, (ROOT_CA, CERT, KEY))
+client_sub = MQTTClientManager().create_nonconnected_mqtt_client(mode, CLIENT_ID_SUB, host, (ROOT_CA, CERT, KEY))
 print("Client subscriber initialized.")
 client_twins = ClientTwins(client_pub, client_sub)
 print("Client twins initialized.")

test-integration/IntegrationTests/IntegrationTestConfigurablePublishMessageQueueing.py

@@ -274,10 +274,10 @@ def performConfigurableOfflinePublishQueueTest(clientPub, clientSub):
 
 
 # Check inputs
-myCheckInManager = checkInManager.checkInManager(1)
+myCheckInManager = checkInManager.checkInManager(2)
 myCheckInManager.verify(sys.argv)
 
-host = "ajje7lpljulm4-ats.iot.us-east-1.amazonaws.com"
+host = myCheckInManager.host
 rootCA = "./test-integration/Credentials/rootCA.crt"
 certificate = "./test-integration/Credentials/certificate.pem.crt"
 privateKey = "./test-integration/Credentials/privateKey.pem.key"

test-integration/IntegrationTests/IntegrationTestDiscovery.py

@@ -8,13 +8,13 @@
 from TestToolLibrary.skip import ModeIsWebSocket
 
 
-HOST = "arc9d2oott9lj-ats.iot.us-east-1.amazonaws.com"  # <[email protected]> 003261610643
 PORT = 8443
 CA = "./test-integration/Credentials/rootCA.crt"
 CERT = "./test-integration/Credentials/certificate_drs.pem.crt"
 KEY = "./test-integration/Credentials/privateKey_drs.pem.key"
 TIME_OUT_SEC = 30
 # This is a pre-generated test data from DRS integration tests
+# The test resources point to account # <[email protected]> 003261610643
 ID_PREFIX = "Id-"
 GGC_ARN = "arn:aws:iot:us-east-1:003261610643:thing/DRS_GGC_0kegiNGA_0"
 GGC_PORT_NUMBER_BASE = 8080
@@ -108,10 +108,14 @@
 }
 '''
 
+my_check_in_manager = checkInManager(2)
+my_check_in_manager.verify(sys.argv)
+mode = my_check_in_manager.mode
+host = my_check_in_manager.host
 
 def create_discovery_info_provider():
     discovery_info_provider = DiscoveryInfoProvider()
-    discovery_info_provider.configureEndpoint(HOST, PORT)
+    discovery_info_provider.configureEndpoint(host, PORT)
     discovery_info_provider.configureCredentials(CA, CERT, KEY)
     discovery_info_provider.configureTimeout(TIME_OUT_SEC)
     return discovery_info_provider
@@ -196,9 +200,6 @@ def verify_group_object(discovery_info):
 
 ############################################################################
 # Main #
-my_check_in_manager = checkInManager(1)
-my_check_in_manager.verify(sys.argv)
-mode = my_check_in_manager.mode
 
 skip_when_match(ModeIsWebSocket(mode), "This test is not applicable for mode: %s. Skipping..." % mode)
 

test-integration/IntegrationTests/IntegrationTestJobsClient.py

@@ -154,10 +154,10 @@ def _test_send_response_confirm(self, sendResult):
 ############################################################################
 # Main #
 # Check inputs
-myCheckInManager = checkInManager.checkInManager(1)
+myCheckInManager = checkInManager.checkInManager(2)
 myCheckInManager.verify(sys.argv)
 
-host = "ajje7lpljulm4-ats.iot.us-east-1.amazonaws.com"
+host = myCheckInManager.host
 rootCA = "./test-integration/Credentials/rootCA.crt"
 certificate = "./test-integration/Credentials/certificate.pem.crt"
 privateKey = "./test-integration/Credentials/privateKey.pem.key"

test-integration/IntegrationTests/IntegrationTestMQTTConnection.py

@@ -84,10 +84,10 @@ def _performPublish(self, pyCoreClient, topic, qos, payload):
 ############################################################################
 # Main #
 # Check inputs
-myCheckInManager = checkInManager.checkInManager(2)
+myCheckInManager = checkInManager.checkInManager(3)
 myCheckInManager.verify(sys.argv)
 
-host = "ajje7lpljulm4-ats.iot.us-east-1.amazonaws.com"
+host = myCheckInManager.host
 rootCA = "./test-integration/Credentials/rootCA.crt"
 certificate = "./test-integration/Credentials/certificate.pem.crt"
 privateKey = "./test-integration/Credentials/privateKey.pem.key"

test-integration/IntegrationTests/IntegrationTestOfflineQueueingForSubscribeUnsubscribe.py

@@ -47,7 +47,6 @@ def get_random_string(length):
 TOPIC_B = "topic/test/offline_sub_unsub/b" + get_random_string(4)
 MESSAGE_PREFIX = "MagicMessage-"
 NUMBER_OF_PUBLISHES = 3
-HOST = "ajje7lpljulm4-ats.iot.us-east-1.amazonaws.com"
 ROOT_CA = "./test-integration/Credentials/rootCA.crt"
 CERT = "./test-integration/Credentials/certificate.pem.crt"
 KEY = "./test-integration/Credentials/privateKey.pem.key"
@@ -74,7 +73,7 @@ def __init__(self, mode):
         time.sleep(2)  # Make sure the subscription is valid
 
     def _create_connected_client(self, id_prefix):
-        return MQTTClientManager().create_connected_mqtt_client(self.__mode, id_prefix, HOST, (ROOT_CA, CERT, KEY))
+        return MQTTClientManager().create_connected_mqtt_client(self.__mode, id_prefix, host, (ROOT_CA, CERT, KEY))
 
     def start(self):
         thread_client_sub_unsub = Thread(target=self._thread_client_sub_unsub_runtime)
@@ -192,9 +191,10 @@ def verify(self):
 ############################################################################
 # Main #
 # Check inputs
-my_check_in_manager = checkInManager(1)
+my_check_in_manager = checkInManager(2)
 my_check_in_manager.verify(sys.argv)
 mode = my_check_in_manager.mode
+host = my_check_in_manager.host
 
 skip_when_match(ModeIsALPN(mode).And(
     Python2VersionLowerThan((2, 7, 10)).Or(Python3VersionLowerThan((3, 5, 0)))