Example #1
0
def test_fargate_scheduled_rule(stack: Stack) -> None:
    """Test fargate scheduled rule creation."""
    stack.add(
        FargateScheduledTaskRule(
            description="This is a test rule",
            ecs_cluster=FargateCluster(name="test-cluster"),
            name="test-rule",
            schedule_expression="cron(0/15 * * * ? *)",
            task_names=["test-task"],
            vpc=EcsVPC(name="test-vpc", region="eu-west-1"),
            state="DISABLED",
        ))
    print(stack.export()["Resources"])
    assert stack.export()["Resources"] == EXPECTED_FARGATE_SCHEDULED_RULE
Example #2
0
def test_internet_gateway(stack: Stack) -> None:
    """Test InternetGateway construct."""
    vpc = ec2.VPC(
        name_to_id("vpc-test"),
        CidrBlock="10.0.0.0/16",
        EnableDnsHostnames="true",
        EnableDnsSupport="true",
    )

    subnets = [
        ec2.Subnet(
            name_to_id(f"{zone}-subnet"),
            CidrBlock="10.0.0.0/20",
            AvailabilityZone="eu-west-1b",
            VpcId=Ref(vpc),
            MapPublicIpOnLaunch="true",
        ) for zone, ip in zip(["eu-west-1a", "eu-west-1b"],
                              ["10.0.0.0/20", "10.0.16.0/20"])
    ]

    igw = InternetGateway(name_prefix="test", vpc=vpc, subnets=subnets)

    for el in (vpc, *subnets, igw):
        stack.add(el)

    assert stack.export()["Resources"] == EXPECTED_TEMPLATE
Example #3
0
def test_fargate_task_definition(stack: Stack) -> None:
    """Test fargate task definition creation."""
    docker_container_def = ecs.ContainerDefinition(
        Image="image-uri",
        Name="container-def-name",
        LogConfiguration=ecs.LogConfiguration(
            LogDriver="awslogs",
            Options={
                "awslogs-group": "test-log-group",
                "awslogs-create-group": "true",
                "awslogs-region": "eu-west-1",
                "awslogs-stream-prefix": "test-prefix",
            },
        ),
    )

    stack.add(
        FargateTaskDefinition(
            name="test-fargate-task-definition",
            container_definitions=[docker_container_def],
            task_role_arn="task-role-name",
            cpu="1024",
            memory="4096",
        ))
    assert stack.export()["Resources"] == EXPECTED_FARGATE_TASK_DEFINITION
Example #4
0
def test_http_api_custom_domain(stack: Stack) -> None:
    """Test basic HTTP API with custom domain."""
    stack.s3_bucket = "cfn_bucket"
    stack.s3_key = "templates/"

    lambda_fun = Py38Function(
        name="mypylambda",
        description="this is a test",
        role="somearn",
        code_dir="my_code_dir",
        handler="app.main",
    )
    stack.add(lambda_fun)
    stack.add(
        HttpApi(
            name="testapi",
            description="this is a test",
            lambda_arn=lambda_fun.ref,
            domain_name="api.example.com",
            hosted_zone_id="ABCDEFG",
            route_list=[GET(route="/api1"),
                        POST(route="/api2")],
        ))
    with open(os.path.join(TEST_DIR,
                           "apigateway_test_custom_domain.json")) as fd:
        expected = json.load(fd)

    assert stack.export()["Resources"] == expected
Example #5
0
def test_bucket(stack: Stack) -> None:
    """Test bucket creation."""
    stack.s3_bucket = "cfn_bucket"
    stack.s3_key = "templates/"

    topic_test = Topic(name="test-topic")
    queue_test = Queue(name="test-queue")
    lambda_test = Py38Function(
        name="mypylambda",
        description="this is a test",
        role="somearn",
        code_dir="my_code_dir",
        handler="app.main",
    )

    stack.add(topic_test)
    stack.add(lambda_test)
    stack.add(queue_test)

    bucket = Bucket(name="test-bucket")
    bucket.add_notification_configuration(event="s3:ObjectCreated:*",
                                          target=topic_test,
                                          permission_suffix="TpUpload")
    bucket.add_notification_configuration(event="s3:ObjectCreated:*",
                                          target=lambda_test,
                                          permission_suffix="TpUpload")
    bucket.add_notification_configuration(event="s3:ObjectCreated:*",
                                          target=queue_test,
                                          permission_suffix="FileEvent")
    stack.add(bucket)

    with open(os.path.join(TEST_DIR, "bucket.json")) as fd:
        expected_template = json.load(fd)

    assert stack.export()["Resources"] == expected_template
Example #6
0
def test_config_rules(stack: Stack) -> None:
    """Test config rules creation."""
    for config_rule in (
        S3BucketPublicWriteProhibited,
        S3BucketPublicReadProhibited,
        S3BucketServerSideEncryptionEnabled,
        S3BucketSSLRequestsOnly,
        IAMUserNoPoliciesCheck,
    ):
        stack.add(config_rule)

    assert stack.export()["Resources"] == EXPECTED_RULES
Example #7
0
def test_http_api_custom_domain(stack: Stack) -> None:
    """Test basic HTTP API with custom domain."""
    stack.s3_bucket = "cfn_bucket"
    stack.s3_key = "templates/"

    lambda_fun = Py38Function(
        name="mypylambda",
        description="this is a test",
        role="somearn",
        code_dir="my_code_dir",
        handler="app.main",
    )
    stack.add(lambda_fun)
    http_api = HttpApi(
        name="testapi",
        description="this is a test",
        lambda_arn=lambda_fun.ref,
        domain_name="api.example.com",
        hosted_zone_id="ABCDEFG",
        route_list=[
            GET(route="/api1"),
            POST(route="/api2"),
            GET("/api3", auth=JWT_AUTH, authorizer_name="testauthorizer"),
        ],
    )
    http_api.add_jwt_authorizer(
        name="testauthorizer",
        audience=["testaudience"],
        issuer="https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_test",
    )
    stack.add(http_api)

    with open(os.path.join(TEST_DIR,
                           "apigateway_test_custom_domain.json")) as fd:
        expected = json.load(fd)

    print(stack.export()["Resources"])
    assert stack.export()["Resources"] == expected
Example #8
0
def test_awslambda(stack: Stack) -> None:
    """Test config recorder creation."""
    stack.s3_bucket = "cfn_bucket"
    stack.s3_key = "templates/"
    stack.add(
        Py38Function(
            name="mypylambda",
            description="this is a test",
            role="somearn",
            code_dir="my_code_dir",
            handler="app.main",
        ))

    assert stack.export()["Resources"] == EXPECTED_TEMPLATE
Example #9
0
def test_role(stack: Stack) -> None:
    """Test IAM role creation.

    Creating a Role also tests PolicyDocument and Policystatement classes.
    """
    stack.add(
        Role(
            name="TestRole",
            description="TestRole description",
            max_session_duration=7200,
            trust={"Service": "test"},
            tags={"TestTagKey": "TestTagValue"},
        ))
    assert stack.export()["Resources"] == EXPECTED_ROLE
Example #10
0
def test_bucket_multi_encryption(stack: Stack) -> None:
    """Test bucket accepting multiple types of encryptions and without default."""
    bucket = Bucket(
        name="test-bucket",
        default_bucket_encryption=None,
        authorized_encryptions=[
            EncryptionAlgorithm.AES256, EncryptionAlgorithm.KMS
        ],
    )
    stack.add(bucket)

    with open(os.path.join(TEST_DIR, "bucket_multi_encryption.json")) as fd:
        expected_template = json.load(fd)

    assert stack.export()["Resources"] == expected_template
Example #11
0
def test_s3_website_distribution(stack: Stack) -> None:
    """Test Cloudfront S3WebsiteDistribution construct."""
    stack.add(
        S3WebsiteDistribution(
            name="test-s3w-dist",
            aliases=["test.s3w.com"],
            bucket_name="host-bucket",
            certificate_arn="acm_arn",
            default_ttl=360,
            lambda_edge_function_arns=["lamba_arn"],
            r53_route_from=[("hosted_zone_id", "test.s3w.com")],
        )
    )

    with open(os.path.join(TEST_DIR, "s3websitedistribution.json")) as fd:
        expected_template = json.load(fd)

    assert stack.export()["Resources"] == expected_template
Example #12
0
def test_docker_function(stack: Stack) -> None:
    """Test adding docker function to stack."""
    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    stubber_ecr = aws_env.stub("ecr")

    stubber_ecr.add_response(
        "get_authorization_token",
        {
            "authorizationData": [{
                "authorizationToken":
                base64.b64encode(b"test_user:test_pwd").decode(),
                "proxyEndpoint":
                "test_endpoint",
            }]
        },
        {},
    )

    stack.deploy_session = aws_env
    docker_function = DockerFunction(
        name="dockerfunction",
        description="this is a test",
        role="somearn",
        source_dir=SOURCE_DIR,
        repository_name="e3_aws_test_repository",
        image_tag="test_tag",
    )
    client = docker.from_env()
    try:
        stack.add(docker_function)
    except docker.errors.APIError:
        # Push is expected to fail
        pass
    finally:
        # Always try to remove local test image
        client.images.remove(
            f"e3_aws_test_repository:{docker_function.image_tag}")

    # Add resources without trying to push the image to ECR
    stack.dry_run = True
    stack.add(docker_function)

    assert stack.export()["Resources"] == EXPECTED_DOCKER_FUNCTION
Example #13
0
def test_stackset(stack: Stack) -> None:
    """test Cloudformation stack set creation."""
    stack.s3_bucket = "cfn_bucket"
    stack.s3_key = "templates/"

    stack_set = StackSet(
        name="stack-set-test",
        description="this is a test",
        regions=["eu-west-1"],
        ous=["test-ou"],
    )

    stack_set.add(
        Role(
            name="TestRole",
            description="TestRole description",
            trust={"Service": "test"},
        )
    )
    stack_set.add_condition("", Equals(AccountId, "test_account_id"))
    stack.add(stack_set)
    assert stack.export()["Resources"] == EXPECTED_TEMPLATE
Example #14
0
def test_http_api(stack: Stack) -> None:
    """Test basic HTTP API."""
    stack.s3_bucket = "cfn_bucket"
    stack.s3_key = "templates/"

    lambda_fun = Py38Function(
        name="mypylambda",
        description="this is a test",
        role="somearn",
        code_dir="my_code_dir",
        handler="app.main",
    )
    stack.add(lambda_fun)
    stack.add(
        HttpApi(
            name="testapi",
            description="this is a test",
            lambda_arn=lambda_fun.ref,
            route_list=[GET(route="/api1"),
                        POST(route="/api2")],
        ))

    assert stack.export()["Resources"] == EXPECTED_TEMPLATE
Example #15
0
def test_fargate_cluster(stack: Stack) -> None:
    """Test Fargate cluster creation."""
    stack.add(FargateCluster(name="test-cluster"))
    assert stack.export()["Resources"] == EXPECTED_FARGATE_CLUSTER
Example #16
0
def test_ecr_repository(stack: Stack) -> None:
    """Test ECR repository scheduled rule creation."""
    stack.add(Repository(name="test-repository"))
    assert stack.export()["Resources"] == EXPECTED_REPOSITORY
Example #17
0
def test_vpc(stack: Stack) -> None:
    """Test VPC creation."""
    ecr_endpoint_pd = PolicyDocument(
        statements=[
            Allow(
                action=[
                    "ecr:BatchGetImage",
                    "ecr:GetAuthorizationToken",
                    "ecr:GetDownloadUrlForLayer",
                ],
                resource="*",
                principal="*",
            )
        ]
    )
    s3_endpoint_pd = PolicyDocument(
        statements=[
            Allow(action=["s3:PutObject", "s3:GetObject"], resource="*", principal="*"),
            Allow(action="s3:ListBucket", resource="*", principal="*"),
        ]
    )
    cloudwatch_endpoint_pd = PolicyDocument(
        statements=[
            Allow(
                action=[
                    "logs:CreateLogStream",
                    "logs:CreateLogGroup",
                    "logs:PutLogEvents",
                ],
                resource="*",
                principal="*",
            )
        ]
    )
    sm_endpoint_pd = PolicyDocument(
        statements=[
            Allow(
                action=[
                    "secretsmanager:GetResourcePolicy",
                    "secretsmanager:GetSecretValue",
                    "secretsmanager:DescribeSecret",
                    "secretsmanager:ListSecretVersionIds",
                ],
                resource=["this_is_a_secret_arn"],
                principal="*",
            )
        ]
    )
    stack.add(
        VPC(
            name="TestVPC",
            region="eu-west-1",
            internet_gateway=True,
            nat_gateway=True,
            s3_endpoint_policy_document=s3_endpoint_pd,
            interface_endpoints=[
                ("logs", cloudwatch_endpoint_pd),
                ("ecr.api", ecr_endpoint_pd),
                ("ecr.dkr", ecr_endpoint_pd),
                ("sts", None),
                ("secretsmanager", sm_endpoint_pd),
            ],
        )
    )
    with open(os.path.join(TEST_DIR, "vpc.json")) as fd:
        expected_template = json.load(fd)

    assert stack.export()["Resources"] == expected_template
Example #18
0
def test_ecs_vpc(stack: Stack) -> None:
    """Test ECS VPC creation."""
    stack.add(EcsVPC(name="test-vpc", region="eu-west-1"))
    assert stack.export()["Resources"] == EXPECTED_ECS_VPC
Example #19
0
def test_internet_gateway(stack: Stack, route_table_provided: bool) -> None:
    """Test InternetGateway construct."""
    vpc = ec2.VPC(
        name_to_id("vpc-test"),
        CidrBlock="10.0.0.0/16",
        EnableDnsHostnames="true",
        EnableDnsSupport="true",
    )

    subnets = [
        ec2.Subnet(
            name_to_id(f"{zone}-subnet"),
            CidrBlock="10.0.0.0/20",
            AvailabilityZone="eu-west-1b",
            VpcId=Ref(vpc),
            MapPublicIpOnLaunch="true",
        ) for zone, ip in zip(["eu-west-1a", "eu-west-1b"],
                              ["10.0.0.0/20", "10.0.16.0/20"])
    ]

    if route_table_provided:
        route_table = ec2.RouteTable(name_to_id("TestIgwRouteTable"),
                                     VpcId=Ref(vpc))
    else:
        route_table = None

    igw = InternetGateway(name_prefix="test",
                          vpc=vpc,
                          subnets=subnets,
                          route_table=route_table)

    for el in (vpc, *subnets, igw):
        stack.add(el)

    template = dict(EXPECTED_TEMPLATE)

    if not route_table_provided:
        template["TestIgwRouteTable"] = {
            "Properties": {
                "VpcId": {
                    "Ref": "VpcTest"
                }
            },
            "Type": "AWS::EC2::RouteTable",
        }
        template["Test0"] = {
            "Properties": {
                "RouteTableId": {
                    "Ref": "TestIgwRouteTable"
                },
                "SubnetId": {
                    "Ref": "EuWest1aSubnet"
                },
            },
            "Type": "AWS::EC2::SubnetRouteTableAssociation",
        }
        template["Test1"] = {
            "Properties": {
                "RouteTableId": {
                    "Ref": "TestIgwRouteTable"
                },
                "SubnetId": {
                    "Ref": "EuWest1bSubnet"
                },
            },
            "Type": "AWS::EC2::SubnetRouteTableAssociation",
        }

    assert stack.export()["Resources"] == template
Example #20
0
def test_config_recorder(stack: Stack) -> None:
    """Test config recorder creation."""
    stack.add(ConfigurationRecorder(bucket_name="config-test-bucket"))
    assert stack.export()["Resources"] == EXPECTED_RECORDER