-
Notifications
You must be signed in to change notification settings - Fork 465
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Terraform test: Add AWS persistent #30809
base: main
Are you sure you want to change the base?
Conversation
@bobbyiliev The test works locally, but fails in CI: https://buildkite.com/materialize/qa-canary/builds/338#0193bc0c-9a96-41f3-a136-927eba3f5477
Can I easily tell terraform that anyone in the Materialize org can have access to this cluster? |
200e187
to
c6b838c
Compare
@bobbyiliev There seems to be another problem. I think the security group and subnet are not using a prefix. Now that I added the persistent aws setup in this PR the temporary aws terraform setup is failing: https://buildkite.com/materialize/nightly/builds/10674#0193bc9c-f90a-45eb-8494-11b525a7a606
Can you take a look please? |
I also tried granting the CI role permissions to the EKS cluster, but still seeing the same:
|
Just submitted a PR to update a hardcoded prefix.
Is there an easy way for us to get the CI role during the run itself? I think that we could extend the terraform module to accept an extra parameter and add the role to the cluster dynamically. |
c6b838c
to
8adb562
Compare
I don't think this would work because the terraform setup already exists. For now I'd like some way to extend the AWS cluster so that every role has access to it. It's the only thing still blocking this PR: https://buildkite.com/materialize/qa-canary/builds/372#01946058-36fc-42a1-81fb-e010fe36479e @bobbyiliev @jseldess Do you have any idea how to achieve that? |
Test run: https://buildkite.com/materialize/qa-canary/builds/338
Checklist
$T ⇔ Proto$T
mapping (possibly in a backwards-incompatible way), then it is tagged with aT-proto
label.