def test_destroy_raise_client_error(self, cfngin_context, monkeypatch):
"""Test destory with ClientError raised."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
def build_client_error(msg):
"""Raise a ClientError."""
return ClientError({'Error': {'Message': msg}}, 'test')
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
monkeypatch.setattr(cert, 'destroy_stack', lambda wait: None)
def raise_stack_not_exist(_records):
"""Raise ClientError mimicing stack not existing."""
raise build_client_error('Stack with id {} does not exist'.format(
cert.stack.fqn))
def raise_other(_records):
"""Raise other ClientError."""
raise build_client_error('something')
monkeypatch.setattr(cert, 'remove_validation_records',
raise_stack_not_exist)
assert cert.destroy()
monkeypatch.setattr(cert, 'remove_validation_records', raise_other)
with pytest.raises(ClientError) as excinfo:
cert.destroy()
assert 'something' in str(excinfo.value)
def test_update_record_set(self, cfngin_context):
"""Test update_record_set."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
r53_stubber = cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
r53_stubber.add_response(
"change_resource_record_sets",
gen_change_resource_record_sets(),
{
"HostedZoneId": cert.args.hosted_zone_id,
"ChangeBatch": gen_change_batch(
changes=[
gen_change(
action="UPSERT",
record_set=gen_record_set(
use_resource_record=True, TTL=cert.args.ttl
),
)
]
),
},
)
with r53_stubber:
assert not cert.update_record_set(gen_record_set())
r53_stubber.assert_no_pending_responses()
def test_deploy_recreate(self, cfngin_context, monkeypatch):
"""Test deploy with stack recreation."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert_arn = 'arn:aws:acm:us-east-1:012345678901:certificate/test'
expected = {'CertificateArn': cert_arn}
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
monkeypatch.setattr(cert, 'domain_changed', lambda: False)
monkeypatch.setattr(cert, 'deploy_stack', lambda: STATUS.recreate)
monkeypatch.setattr(cert, 'get_certificate',
MagicMock(side_effect=['old', cert_arn]))
monkeypatch.setattr(cert, '_wait_for_stack',
MagicMock(side_effect=[STATUS.new, None]))
monkeypatch.setattr(
cert, 'get_validation_record', lambda x: 'get_validation_record'
if x == cert_arn else ValueError)
monkeypatch.setattr(
cert, 'put_record_set', lambda x: None
if x == 'get_validation_record' else ValueError)
assert cert.deploy() == expected
def test_deploy_update(self, cfngin_context, monkeypatch):
"""Test deploy update stack."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert_arn = 'arn:aws:acm:us-east-1:012345678901:certificate/test'
expected = {'CertificateArn': cert_arn}
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
monkeypatch.setattr(cert, 'domain_changed', lambda: False)
monkeypatch.setattr(cert, 'deploy_stack', lambda: STATUS.update)
monkeypatch.setattr(cert, 'get_certificate', lambda: cert_arn)
monkeypatch.setattr(
cert, 'get_validation_record',
lambda x, status: 'get_validation_record'
if x == cert_arn and status == 'SUCCESS' else ValueError)
monkeypatch.setattr(
cert, 'update_record_set', lambda x: None
if x == 'get_validation_record' else ValueError)
monkeypatch.setattr(cert, '_wait_for_stack',
lambda x, last_status: None)
assert cert.deploy() == expected
def test_put_record_set(self, cfngin_context: MockCFNginContext) -> None:
"""Test put_record."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
r53_stubber = cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
r53_stubber.add_response(
"change_resource_record_sets",
gen_change_resource_record_sets(),
{
"HostedZoneId":
cert.args.hosted_zone_id,
"ChangeBatch":
gen_change_batch(changes=[
gen_change(record_set=cast(
"ResourceRecordSetTypeDef",
gen_record_set(use_resource_record=True,
TTL=cert.args.ttl),
))
]),
},
)
with r53_stubber:
assert not cert.put_record_set(
cast("ResourceRecordTypeDef", gen_record_set()))
r53_stubber.assert_no_pending_responses()
def test_get_validation_record_status_missmatch(
self, cfngin_context: MockCFNginContext, check: str,
found: str) -> None:
"""Test get get_validation_record with a missmatched record status."""
# setup context
acm_stubber = cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert_arn = "arn:aws:acm:us-east-1:012345678901:certificate/test"
expected_request = {"CertificateArn": cert_arn}
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
acm_stubber.add_response(
"describe_certificate",
gen_certificate(
CertificateArn=cert_arn,
DomainValidationOptions=[
gen_domain_validation_option(ValidationStatus=found)
],
),
expected_request,
)
with acm_stubber, pytest.raises(ValueError) as excinfo:
cert.get_validation_record(cert_arn=cert_arn, status=check)
assert "No validations with status" in str(excinfo.value)
acm_stubber.assert_no_pending_responses()
def test_destory_aws_errors(self, cfngin_context: MockCFNginContext,
monkeypatch: MonkeyPatch) -> None:
"""Test destory with errors from AWS."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
monkeypatch.setattr(
cert,
"remove_validation_records",
MagicMock(side_effect=[
cert.r53_client.exceptions.InvalidChangeBatch({}, ""),
cert.r53_client.exceptions.NoSuchHostedZone({}, ""),
cert.acm_client.exceptions.ResourceNotFoundException({}, ""),
]),
)
monkeypatch.setattr(cert, "destroy_stack", lambda wait: None)
assert cert.destroy()
assert cert.destroy()
assert cert.destroy()
def test_get_validation_record_status_missmatch(self, cfngin_context,
check, found):
"""Test get get_validation_record with a missmatched record status."""
# setup context
acm_stubber = cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert_arn = 'arn:aws:acm:us-east-1:012345678901:certificate/test'
expected_request = {'CertificateArn': cert_arn}
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
acm_stubber.add_response(
'describe_certificate',
gen_certificate(
CertificateArn=cert_arn,
DomainValidationOptions=[
gen_domain_validation_option(ValidationStatus=found)
]), expected_request)
with acm_stubber, pytest.raises(ValueError) as excinfo:
cert.get_validation_record(cert_arn=cert_arn, status=check)
assert 'No validations with status' in str(excinfo.value)
acm_stubber.assert_no_pending_responses()
def test_get_validation_record_gt_one(self, cfngin_context):
"""Test get get_validation_record more than one result."""
# setup context
acm_stubber = cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert_arn = 'arn:aws:acm:us-east-1:012345678901:certificate/test'
expected_request = {'CertificateArn': cert_arn}
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
acm_stubber.add_response(
'describe_certificate',
gen_certificate(CertificateArn=cert_arn,
DomainValidationOptions=[
gen_domain_validation_option(),
gen_domain_validation_option()
]), expected_request)
with acm_stubber, pytest.raises(ValueError) as excinfo:
cert.get_validation_record(cert_arn=cert_arn)
assert 'only one option is supported' in str(excinfo.value)
acm_stubber.assert_no_pending_responses()
def test_deploy_update(self, cfngin_context: MockCFNginContext,
monkeypatch: MonkeyPatch) -> None:
"""Test deploy update stack."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert_arn = "arn:aws:acm:us-east-1:012345678901:certificate/test"
expected = {"CertificateArn": cert_arn}
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
monkeypatch.setattr(cert, "domain_changed", lambda: False)
monkeypatch.setattr(cert, "deploy_stack", lambda: STATUS.update)
monkeypatch.setattr(cert, "get_certificate", lambda: cert_arn)
monkeypatch.setattr(
cert,
"get_validation_record",
lambda x, status: "get_validation_record"
if x == cert_arn and status == "SUCCESS" else ValueError,
)
monkeypatch.setattr(
cert,
"update_record_set",
lambda x: None if x == "get_validation_record" else ValueError,
)
monkeypatch.setattr(cert, "_wait_for_stack",
lambda x, last_status: None)
assert cert.deploy() == expected
def test_get_certificate(self, cfngin_context, patch_time):
"""Test get_certificate."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
provider = MagicMock(cloudformation=boto3.client('cloudformation'))
cfn_stubber = Stubber(provider.cloudformation)
cert = Certificate(context=cfngin_context,
provider=provider,
domain='example.com',
hosted_zone_id='test')
expected_request = {
'StackName': 'test-example-com',
'LogicalResourceId': 'Certificate'
}
cfn_stubber.add_response('describe_stack_resources',
{'StackResources': []}, expected_request)
cfn_stubber.add_response('describe_stack_resources',
{'StackResources': [gen_stack_resource()]},
expected_request)
cfn_stubber.add_response('describe_stack_resources', {
'StackResources':
[gen_stack_resource(PhysicalResourceId='success')]
}, expected_request)
with cfn_stubber:
assert cert.get_certificate() == 'success'
cfn_stubber.assert_no_pending_responses()
def test_get_validation_record_gt_one(
self, cfngin_context: MockCFNginContext) -> None:
"""Test get get_validation_record more than one result."""
# setup context
acm_stubber = cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert_arn = "arn:aws:acm:us-east-1:012345678901:certificate/test"
expected_request = {"CertificateArn": cert_arn}
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
acm_stubber.add_response(
"describe_certificate",
gen_certificate(
CertificateArn=cert_arn,
DomainValidationOptions=[
gen_domain_validation_option(),
gen_domain_validation_option(),
],
),
expected_request,
)
with acm_stubber, pytest.raises(ValueError) as excinfo:
cert.get_validation_record(cert_arn=cert_arn)
assert "only one option is supported" in str(excinfo.value)
acm_stubber.assert_no_pending_responses()
def test_update_record_set(self, cfngin_context):
"""Test update_record_set."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
r53_stubber = cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
r53_stubber.add_response(
'change_resource_record_sets', gen_change_resource_record_sets(), {
'HostedZoneId':
cert.args.hosted_zone_id,
'ChangeBatch':
gen_change_batch(changes=[
gen_change(
action='UPSERT',
record_set=gen_record_set(use_resource_record=True,
TTL=cert.args.ttl))
])
})
with r53_stubber:
assert not cert.update_record_set(gen_record_set())
r53_stubber.assert_no_pending_responses()
def test_get_validation_record(
self,
cfngin_context: MockCFNginContext,
monkeypatch: MonkeyPatch,
patch_time: None,
status: str,
) -> None:
"""Test get_validation_record."""
# setup context
acm_stubber = cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert_arn = "arn:aws:acm:us-east-1:012345678901:certificate/test"
expected_request = {"CertificateArn": cert_arn}
validate_option_missing_record = gen_domain_validation_option(
ValidationStatus=status)
del validate_option_missing_record["ResourceRecord"]
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
monkeypatch.setattr(cert, "get_certificate", lambda: cert_arn)
acm_stubber.add_response(
"describe_certificate",
gen_certificate(CertificateArn=cert_arn),
expected_request,
)
acm_stubber.add_response(
"describe_certificate",
gen_certificate(
CertificateArn=cert_arn,
DomainValidationOptions=[validate_option_missing_record],
),
expected_request,
)
acm_stubber.add_response(
"describe_certificate",
gen_certificate(
CertificateArn=cert_arn,
DomainValidationOptions=[
gen_domain_validation_option(ValidationStatus=status)
],
),
expected_request,
)
with acm_stubber:
assert (cert.get_validation_record(status=status) ==
gen_domain_validation_option()["ResourceRecord"])
acm_stubber.assert_no_pending_responses()
def test_remove_validation_records(self, cfngin_context, monkeypatch):
"""Test remove_validation_records."""
# setup context
acm_stubber = cfngin_context.add_stubber('acm', 'us-east-1')
r53_stubber = cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert_arn = 'arn:aws:acm:us-east-1:012345678901:certificate/test'
expected_cert_request = {'CertificateArn': cert_arn}
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
monkeypatch.setattr(cert, 'get_certificate', lambda: cert_arn)
acm_stubber.add_response(
'describe_certificate',
gen_certificate(
CertificateArn=cert_arn,
DomainValidationOptions=[gen_domain_validation_option()]),
expected_cert_request)
acm_stubber.add_response(
'describe_certificate',
gen_certificate(
CertificateArn=cert_arn,
DomainValidationOptions=[
gen_domain_validation_option(ValidationMethod='EMAIL')
]), expected_cert_request)
r53_stubber.add_response(
'change_resource_record_sets', gen_change_resource_record_sets(), {
'HostedZoneId':
cert.args.hosted_zone_id,
'ChangeBatch':
gen_change_batch(changes=[
gen_change(action='DELETE',
record_set=gen_record_set(
use_resource_record=True,
TTL=cert.args.ttl,
**gen_domain_validation_option()
['ResourceRecord']))
])
})
with acm_stubber, r53_stubber, pytest.raises(ValueError) as excinfo:
assert not cert.remove_validation_records()
cert.remove_validation_records()
acm_stubber.assert_no_pending_responses()
r53_stubber.assert_no_pending_responses()
assert str(excinfo.value) == 'Must provide one of more record sets'
def test_attributes(self, cfngin_context: MockCFNginContext) -> None:
"""Test attributes set during __init__."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
result = Certificate(
context=cfngin_context,
provider=MagicMock(),
alt_names=["example.net"],
domain="example.com",
hosted_zone_id="test",
stack_name="stack-name",
ttl=13,
)
assert result.stack_name == "stack-name"
assert result.properties["DomainName"] == "example.com"
assert result.properties["SubjectAlternativeNames"] == ["example.net"]
# value tested in base class; just ensure its not None
assert result.properties["Tags"]
assert result.properties["ValidationMethod"] == "DNS"
# blueprint attributes
assert result.blueprint.VARIABLES["DomainName"]
assert result.blueprint.VARIABLES["ValidateRecordTTL"]
# template attributes
template = result.blueprint.template
assert template.description == result.get_template_description()
assert not template.metadata
assert not template.conditions
assert not template.mappings
assert template.outputs["DomainName"].Value.to_dict() == {
"Ref": "DomainName"
}
assert template.outputs["ValidateRecordTTL"].Value.to_dict() == {
"Ref": "ValidateRecordTTL"
}
assert not template.parameters
assert isinstance(template.resources["Certificate"],
CertificateResource)
assert not template.rules
assert template.version == "2010-09-09"
assert not template.transform
# stack attributes
assert result.stack.fqn == "test-stack-name"
assert result.stack._blueprint == result.blueprint
def test_deploy_domain_changed(self, cfngin_context, monkeypatch):
"""Test deploy domain changed."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
monkeypatch.setattr(cert, 'domain_changed', lambda: True)
assert not cert.deploy()
def test_deploy_error_destroy(self, cfngin_context: MockCFNginContext,
monkeypatch: MonkeyPatch) -> None:
"""Test deploy with errors that result in destroy being called."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert_arn = "arn:aws:acm:us-east-1:012345678901:certificate/test"
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
monkeypatch.setattr(cert, "domain_changed", lambda: False)
monkeypatch.setattr(cert, "deploy_stack",
lambda: STATUS.new) # type: ignore
monkeypatch.setattr(cert, "get_certificate", lambda: cert_arn)
monkeypatch.setattr(
cert,
"get_validation_record",
lambda x: "get_validation_record" if x == cert_arn else ValueError,
)
monkeypatch.setattr(
cert,
"put_record_set",
MagicMock(side_effect=[
cert.r53_client.exceptions.InvalidChangeBatch({}, ""),
cert.r53_client.exceptions.NoSuchHostedZone({}, ""),
None,
]),
)
monkeypatch.setattr(
cert, "destroy",
lambda records, skip_r53: check_bool_is_true(skip_r53))
monkeypatch.setattr(cert, "_wait_for_stack",
MagicMock(side_effect=StackFailed("test")))
assert not cert.deploy(
) # cert.r53_client.exceptions.InvalidChangeBatch
assert not cert.deploy() # cert.r53_client.exceptions.NoSuchHostedZone
monkeypatch.setattr(
cert, "destroy",
lambda records, skip_r53: check_bool_is_false(skip_r53))
assert not cert.deploy() # StackFailed
def test_deploy_domain_changed(self, cfngin_context, monkeypatch):
"""Test deploy domain changed."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
monkeypatch.setattr(cert, "domain_changed", lambda: True)
assert not cert.deploy()
def test_stage_methods(
self,
cfngin_context: MockCFNginContext,
monkeypatch: MonkeyPatch,
stage: str,
expected: str,
) -> None:
"""Test stage methods.
All of these call a different method that is being tested separately
so this test just ensures each stage is mapped to the correct method
on the backend.
"""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
monkeypatch.setattr(cert, "deploy", lambda: "deploy")
monkeypatch.setattr(cert, "destroy", lambda: "destroy")
assert getattr(cert, stage)() == expected
def test_attributes(self, cfngin_context):
"""Test attributes set during __init__."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
result = Certificate(context=cfngin_context,
provider=MagicMock(),
alt_names=['example.net'],
domain='example.com',
hosted_zone_id='test',
stack_name='stack-name',
ttl=13)
assert result.stack_name == 'stack-name'
assert result.properties.DomainName == 'example.com'
assert result.properties.SubjectAlternativeNames == ['example.net']
# value tested in base class; just ensure its not None
assert result.properties.Tags
assert result.properties.ValidationMethod == 'DNS'
# blueprint attributes
assert result.blueprint.VARIABLES['DomainName']
assert result.blueprint.VARIABLES['ValidateRecordTTL']
# template attributes
template = result.blueprint.template
assert template.description == result.get_template_description()
assert not template.metadata
assert not template.conditions
assert not template.mappings
assert template.outputs['DomainName'].Value.to_dict() == \
{'Ref': 'DomainName'}
assert template.outputs['ValidateRecordTTL'].Value.to_dict() == \
{'Ref': 'ValidateRecordTTL'}
assert not template.parameters
assert isinstance(template.resources['Certificate'],
CertificateResource)
assert not template.rules
assert template.version == '2010-09-09'
assert not template.transform
# stack attributes
assert result.stack.fqn == 'test-stack-name'
assert result.stack._blueprint == result.blueprint
def test_deploy_error_no_destroy(self, cfngin_context, monkeypatch):
"""Test deploy with errors that don't result in destroy being called."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
monkeypatch.setattr(cert, 'domain_changed', lambda: False)
monkeypatch.setattr(
cert, 'deploy_stack',
MagicMock(
side_effect=StackUpdateBadStatus('test', 'test', 'test')))
assert not cert.deploy()
def test_deploy_no_change(self, cfngin_context, monkeypatch):
"""Test deploy no change."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert_arn = 'arn:aws:acm:us-east-1:012345678901:certificate/test'
expected = {'CertificateArn': cert_arn}
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
monkeypatch.setattr(cert, 'domain_changed', lambda: False)
monkeypatch.setattr(cert, 'deploy_stack', lambda: STATUS.no)
monkeypatch.setattr(cert, 'get_certificate', lambda: cert_arn)
assert cert.deploy() == expected
def test_destory(self, cfngin_context, monkeypatch):
"""Test destory."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
# should only be called once
monkeypatch.setattr(cert, 'remove_validation_records',
MagicMock(return_value=None))
monkeypatch.setattr(cert, 'destroy_stack', lambda wait: None)
assert cert.destroy()
assert cert.destroy(skip_r53=True)
assert cert.remove_validation_records.call_count == 1 # pylint: disable=no-member
def test_get_certificate(self, cfngin_context: MockCFNginContext,
patch_time: None) -> None:
"""Test get_certificate."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
provider = MagicMock(cloudformation=boto3.client("cloudformation"))
cfn_stubber = Stubber(provider.cloudformation)
cert = Certificate(
context=cfngin_context,
provider=provider,
domain="example.com",
hosted_zone_id="test",
)
expected_request = {
"StackName": "test-example-com",
"LogicalResourceId": "Certificate",
}
cfn_stubber.add_response("describe_stack_resources",
{"StackResources": []}, expected_request)
cfn_stubber.add_response(
"describe_stack_resources",
{"StackResources": [gen_stack_resource()]},
expected_request,
)
cfn_stubber.add_response(
"describe_stack_resources",
{
"StackResources":
[gen_stack_resource(PhysicalResourceId="success")]
},
expected_request,
)
with cfn_stubber:
assert cert.get_certificate() == "success"
cfn_stubber.assert_no_pending_responses()
def test_get_validation_record(self, cfngin_context, monkeypatch,
patch_time, status):
"""Test get_validation_record."""
# setup context
acm_stubber = cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert_arn = 'arn:aws:acm:us-east-1:012345678901:certificate/test'
expected_request = {'CertificateArn': cert_arn}
validate_option_missing_record = gen_domain_validation_option(
ValidationStatus=status)
del validate_option_missing_record['ResourceRecord']
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
monkeypatch.setattr(cert, 'get_certificate', lambda: cert_arn)
acm_stubber.add_response('describe_certificate',
gen_certificate(CertificateArn=cert_arn),
expected_request)
acm_stubber.add_response(
'describe_certificate',
gen_certificate(
CertificateArn=cert_arn,
DomainValidationOptions=[validate_option_missing_record]),
expected_request)
acm_stubber.add_response(
'describe_certificate',
gen_certificate(
CertificateArn=cert_arn,
DomainValidationOptions=[
gen_domain_validation_option(ValidationStatus=status)
]), expected_request)
with acm_stubber:
assert cert.get_validation_record(status=status) == \
gen_domain_validation_option()['ResourceRecord']
acm_stubber.assert_no_pending_responses()
def test_deploy_error_no_destroy(self, cfngin_context, monkeypatch):
"""Test deploy with errors that don't result in destroy being called."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
monkeypatch.setattr(cert, "domain_changed", lambda: False)
monkeypatch.setattr(
cert,
"deploy_stack",
MagicMock(side_effect=StackUpdateBadStatus("test", "test", "test")),
)
assert not cert.deploy()
def test_deploy_no_change(self, cfngin_context, monkeypatch):
"""Test deploy no change."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert_arn = "arn:aws:acm:us-east-1:012345678901:certificate/test"
expected = {"CertificateArn": cert_arn}
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
monkeypatch.setattr(cert, "domain_changed", lambda: False)
monkeypatch.setattr(cert, "deploy_stack", lambda: STATUS.no)
monkeypatch.setattr(cert, "get_certificate", lambda: cert_arn)
assert cert.deploy() == expected
def test_deploy_error_destroy(self, cfngin_context, monkeypatch):
"""Test deploy with errors that result in destroy being called."""
# setup context
cfngin_context.add_stubber('acm', 'us-east-1')
cfngin_context.add_stubber('route53', 'us-east-1')
cfngin_context.config.namespace = 'test'
cert_arn = 'arn:aws:acm:us-east-1:012345678901:certificate/test'
cert = Certificate(context=cfngin_context,
provider=MagicMock(),
domain='example.com',
hosted_zone_id='test')
monkeypatch.setattr(cert, 'domain_changed', lambda: False)
monkeypatch.setattr(cert, 'deploy_stack', lambda: STATUS.new)
monkeypatch.setattr(cert, 'get_certificate', lambda: cert_arn)
monkeypatch.setattr(
cert, 'get_validation_record', lambda x: 'get_validation_record'
if x == cert_arn else ValueError)
monkeypatch.setattr(
cert, 'put_record_set',
MagicMock(side_effect=[
cert.r53_client.exceptions.InvalidChangeBatch({}, ''),
cert.r53_client.exceptions.NoSuchHostedZone({}, ''), None
]))
monkeypatch.setattr(
cert, 'destroy',
lambda records, skip_r53: check_bool_is_true(skip_r53))
monkeypatch.setattr(cert, '_wait_for_stack',
MagicMock(side_effect=StackFailed('test')))
assert not cert.deploy(
) # cert.r53_client.exceptions.InvalidChangeBatch
assert not cert.deploy() # cert.r53_client.exceptions.NoSuchHostedZone
monkeypatch.setattr(
cert, 'destroy',
lambda records, skip_r53: check_bool_is_false(skip_r53))
assert not cert.deploy() # StackFailed
def test_deploy_recreate(self, cfngin_context: MockCFNginContext,
monkeypatch: MonkeyPatch):
"""Test deploy with stack recreation."""
# setup context
cfngin_context.add_stubber("acm", "us-east-1")
cfngin_context.add_stubber("route53", "us-east-1")
cfngin_context.config.namespace = "test"
cert_arn = "arn:aws:acm:us-east-1:012345678901:certificate/test"
expected = {"CertificateArn": cert_arn}
cert = Certificate(
context=cfngin_context,
provider=MagicMock(),
domain="example.com",
hosted_zone_id="test",
)
monkeypatch.setattr(cert, "domain_changed", lambda: False)
monkeypatch.setattr(cert, "deploy_stack",
lambda: STATUS.recreate) # type: ignore
monkeypatch.setattr(cert, "get_certificate",
MagicMock(side_effect=["old", cert_arn]))
monkeypatch.setattr(
cert,
"_wait_for_stack",
MagicMock(side_effect=[STATUS.new, None]) # type: ignore
)
monkeypatch.setattr(
cert,
"get_validation_record",
lambda x: "get_validation_record" if x == cert_arn else ValueError,
)
monkeypatch.setattr(
cert,
"put_record_set",
lambda x: None if x == "get_validation_record" else ValueError,
)
assert cert.deploy() == expected
