Update provider configs (#994)

Update the test configs to match the real repos by running `make
update-provider-configs`, then re-run `make` to re-generate.

Stacked on #993

provider-ci/test-providers/aws/.ci-mgmt.yaml

@@ -1,6 +1,3 @@
-# WARNING: this file is only used as an example to test changes to workflow templates, specifically
-# by the test-workflow-generation Makefile target. It does NOT affect the configuration of the
-# actual provider. Edit .ci-mgmt.yml in pulumi/pulumi-aws to reconfigure the actual provider build.
 provider: aws
 lint: false
 major-version: 6
@@ -11,16 +8,14 @@ providerVersion: github.com/hashicorp/terraform-provider-aws/version.ProviderVer
 env:
   PULUMI_MISSING_DOCS_ERROR: true
   AWS_REGION: "us-west-2"
+  OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
 makeTemplate: bridged
+checkoutSubmodules: true
 freeDiskSpaceBeforeBuild: true
 freeDiskSpaceBeforeTest: true
-checkoutSubmodules: true
 # TODO: remove XrunUpstreamTools flag after work to add docs replacement strategies to resources.go is completed
 # Tracked in in https://github.com/pulumi/pulumi-aws/issues/2757
 XrunUpstreamTools: true
-nixpkgs:
-  - name: awscli2
-    version: latest
 plugins:
   - name: archive
     version: "0.0.1"
@@ -29,16 +24,23 @@ plugins:
   - name: github
     version: "4.10.0"
   - name: kubernetes
-    version: "3.17.0"
+    version: "4.11.0"
+  - name: "null"
+    version: "0.0.3"
+  - name: "local"
+    version: "0.1.0"
   - name: random
     version: "4.8.2"
   - name: github
     version: "5.14.0"
-team: ecosystem
+  - name: std
+    version: "1.6.2"
+  - name: terraform
+    version: "1.0.17"
+    kind: converter
+# Use `pulumi convert` for translating examples from TF to Pulumi.
+pulumiConvert: 1
 goBuildParallelism: 2
-runner:
-  publish: pulumi-ubuntu-8core
-  buildSdk: pulumi-ubuntu-8core
 actions:
   preTest:
     - name: Configure AWS Credentials
@@ -48,26 +50,11 @@ actions:
         aws-region: ${{ env.AWS_REGION }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         role-duration-seconds: 3600
-        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-session-name: aws@githubActions
         role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
     - name: Make upstream
       run: make upstream
 
-  preBuild:
-    - name: Clear GitHub Actions Ubuntu runner disk space
-      uses: jlumbroso/free-disk-spacev@v1
-      with:
-        tool-cache: false
-        dotnet: false
-        android: true
-        haskell: true
-        swap-storage: true
-        # TODO: enable once transient error with azure is resolved
-        #
-        # E: Failed to fetch
-        # http://azure.archive.ubuntu.com/ubuntu/pool/universe/d/dotnet7/aspnetcore-targeting-pack-7.0_7.0.105-0ubuntu1%7e22.04.1_amd64.deb
-        # 404 Not Found [IP: 40.81.13.82 80]
-        large-packages: false
 extraTests:
   go_test_shim:
     name: Run test of provider shim
@@ -79,17 +66,192 @@ extraTests:
       with:
         ref: ${{ env.PR_COMMIT_SHA }}
         submodules: true
+    - uses: pulumi/provider-version-action@v1
+      with:
+        set-env: 'PROVIDER_VERSION'
+    - name: Setup tools
+      uses: ./.github/actions/setup-tools
+      with:
+        tools: pulumictl, pulumi, go
     - name: Make upstream
       run: make upstream
-    - uses: actions/setup-go@v5
-      with:
-       go-version-file: 'provider/go.mod'
-       cache-dependency-path: 'provider/go.sum'
     - name: go test
       run: |
-        cd upstream/shim
+        cd upstream
+        go get github.com/hashicorp/aws-sdk-go-base@v1.1.0
+        cd shim
         go test -v -coverprofile="coverage.txt" .
     - name: Upload coverage reports to Codecov
       uses: codecov/codecov-action@v4
       env:
        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  test_oidc:
+    name: test_oidc
+    needs: build_sdk
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+    - name: Free Disk Space (Ubuntu)
+      uses: jlumbroso/free-disk-space@main
+      with:
+        tool-cache: false
+        swap-storage: false
+        dotnet: ${{ matrix.language != 'dotnet' }}
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ env.PR_COMMIT_SHA }}
+        submodules: true
+    - uses: pulumi/provider-version-action@v1
+      with:
+        set-env: 'PROVIDER_VERSION'
+    - name: Setup tools
+      uses: ./.github/actions/setup-tools
+      with:
+        tools: pulumictl, pulumi, go, node
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: aws-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: Untar provider binaries
+      run: >-
+        tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+
+        find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \;
+    - name: Download SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ matrix.language }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress SDK folder
+      run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{
+        github.workspace }}/sdk/${{ matrix.language }}
+    - name: Update path
+      run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
+    - name: Install dependencies
+      run: make install_${{ matrix.language}}_sdk
+    - name: Install gotestfmt
+      uses: GoTestTools/gotestfmt-action@v2
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        version: v2.4.0
+    - name: Make upstream
+      run: make upstream
+    - name: Run selected tests with manual web identity/OIDC auth
+      run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+    - name: Configure AWS Credentials for OIDC
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        unset-current-credentials: true
+        aws-region: ${{ env.AWS_REGION }}
+        role-duration-seconds: 3600
+        role-session-name: aws@githubActions
+        role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
+    - name: Run selected tests with configure-aws-credentials web identity/OIDC auth
+      run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in running ${{ matrix.language }} tests
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+        - nodejs
+
+  provider_test:
+    name: provider_test
+    needs: build_sdk
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        with:
+          swap-storage: false
+          tool-cache: false
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.PR_COMMIT_SHA }}
+          submodules: true
+      - uses: pulumi/provider-version-action@v1
+        with:
+          set-env: 'PROVIDER_VERSION'
+      - name: Setup tools
+        uses: ./.github/actions/setup-tools
+        with:
+          tools: pulumictl, pulumi, go, node, dotnet, python, java
+      - name: Make upstream
+        run: make upstream
+      - name: Download provider + tfgen binaries
+        uses: actions/download-artifact@v4
+        with:
+          name: aws-provider.tar.gz
+          path: ${{ github.workspace }}/bin
+      - name: Untar provider binaries
+        run: >-
+          tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+          github.workspace}}/bin
+
+          find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \;
+      - run: dotnet nuget add source ${{ github.workspace }}/nuget
+      - name: Download SDK
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ matrix.language }}-sdk.tar.gz
+          path: ${{ github.workspace}}/sdk/
+      - name: Uncompress SDK folder
+        run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{
+          github.workspace }}/sdk/${{ matrix.language }}
+      - name: Update path
+        run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
+      - name: Install Python deps
+        run: |-
+          pip3 install virtualenv==20.0.23
+          pip3 install pipenv
+      - name: Install dependencies
+        run: make install_${{ matrix.language}}_sdk
+      - name: Install gotestfmt
+        uses: GoTestTools/gotestfmt-action@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          version: v2.5.0
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-region: ${{ env.AWS_REGION }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-duration-seconds: 3600
+          role-session-name: aws@githubActions
+          role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
+      - name: Run provider tests
+        run: |
+          cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+      - if: failure() && github.event_name == 'push'
+        name: Notify Slack
+        uses: 8398a7/action-slack@v3
+        with:
+          author_name: Failure in running ${{ matrix.language }} provider tests
+          fields: repo,commit,author,action
+          status: ${{ job.status }}
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - nodejs
+          - python
+          - dotnet
+          - go
+          - java

provider-ci/test-providers/aws/.github/workflows/build_sdk.yml

@@ -13,6 +13,7 @@ env:
   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
   NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
   NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
   PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
   PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
   PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
@@ -32,7 +33,7 @@ env:
 jobs:
   build_sdk:
     name: build_sdk
-    runs-on: pulumi-ubuntu-8core
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: true
       matrix:

provider-ci/test-providers/aws/.github/workflows/command-dispatch.yml

@@ -6,6 +6,7 @@ env:
   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
   NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
   NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
   PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
   PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
   PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

provider-ci/test-providers/aws/.github/workflows/license.yml

@@ -13,6 +13,7 @@ env:
   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
   NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
   NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
   PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
   PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
   PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

provider-ci/test-providers/aws/.github/workflows/lint.yml

@@ -12,6 +12,7 @@ env:
   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
   NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
   NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
   PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
   PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
   PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}