def test_lookup_selective_stack_lookup_limit_to_ssl_lookup(
mock_get_outputs_for_stack, mock_get_secret, mock_get_ssl_certificate):
# Mock Output (Credstash result)
mock_get_secret.return_value = 'secretPassword'
# Mock Output (SSL Cert)
mock_get_ssl_certificate.return_value = 'arn:aws:iam::11:server-certificate/cloudfront/2016/wildcard.dp.glomex.cloud-2016-03'
# Mock Output (Desc Stack)
mock_get_outputs_for_stack.return_value = {
'EC2BasicsLambdaArn':
'arn:aws:lambda:eu-west-1:1122233:function:dp-preprod-lambdaEC2Basics-12',
}
context = {'_awsclient': 'my_awsclient', 'tool': 'ramuda'}
config = {
'secret': 'lookup:secret:nameOfSecretPassword',
'sslCert': 'lookup:ssl:wildcard.dp.glomex.cloud-2016-03',
'stack': 'lookup:stack:dp-preprod:EC2BasicsLambdaArn'
}
_resolve_lookups(context, config, ['ssl'])
assert config.get('secret') == 'lookup:secret:nameOfSecretPassword'
assert config.get('sslCert') == \
'arn:aws:iam::11:server-certificate/cloudfront/2016/wildcard.dp.glomex.cloud-2016-03'
assert config.get('stack') == \
'lookup:stack:dp-preprod:EC2BasicsLambdaArn'
def test_stack_lookup_value(awsclient):
# lookup:stack:<stack_name> w/o value gets us the whole stack_output
context = {'_awsclient': awsclient, 'tool': 'ramuda'}
config = {'AWSAccountId': 'lookup:stack:infra-dev:AWSAccountId'}
_resolve_lookups(context, config, ['stack'])
assert config.get('AWSAccountId') == '420189626185'
def test_baseami_lookup(mock_get_base_ami):
# sample from mes-ftp, ftpbackend
context = {'_awsclient': 'my_awsclient', 'tool': 'kumo'}
config = {'BaseAMIID': 'lookup:baseami'}
_resolve_lookups(context, config, ['baseami'])
mock_get_base_ami.assert_called_once_with('my_awsclient', ['569909643510'])
assert config.get('BaseAMIID') == 'img-123456'
def test_region_secret_lookup(mock_get_secret):
# sample from ops-captaincrunch-slack
context = {'_awsclient': 'my_awsclient', 'tool': 'ramuda'}
config = {'bot_token': 'lookup:secret:captaincrunch.bot_token'}
_resolve_lookups(context, config, ['secret'])
mock_get_secret.assert_called_once_with('my_awsclient',
'captaincrunch.bot_token',
region_name=None)
assert config.get('bot_token') == 'foobar1234'
def test_stack_lookup_value(mock_stack_exists, mock_get_outputs_for_stack):
mock_get_outputs_for_stack.return_value = {
'EC2BasicsLambdaArn':
'arn:aws:lambda:eu-west-1:1122233:function:dp-preprod-lambdaEC2Basics-12',
}
# sample from data-platform, operations
context = {'_awsclient': 'my_awsclient', 'tool': 'ramuda'}
config = {'LambdaLookupARN': 'lookup:stack:dp-preprod:EC2BasicsLambdaArn'}
_resolve_lookups(context, config, ['stack'])
mock_get_outputs_for_stack.assert_called_once_with('my_awsclient',
'dp-preprod', None)
assert config.get('LambdaLookupARN') == \
'arn:aws:lambda:eu-west-1:1122233:function:dp-preprod-lambdaEC2Basics-12'
def test_lookup_kumo_sample(mock_stack_exists, mock_get_outputs_for_stack,
mock_get_base_ami):
mock_get_base_ami.return_value = 'ami-91307fe2'
mock_get_outputs_for_stack.return_value = {
'DefaultInstancePolicyARN':
'arn:aws:iam::420189626185:policy/7f-managed/infra-dev-Defaultmanagedinstancepolicy-9G6XX1YXZI5O',
'DefaultVPCId': 'vpc-88d2a7ec',
}
context = {'_awsclient': 'my_awsclient', 'tool': 'kumo'}
config = {
'kumo': {
'stack': {
'StackName': 'gcdt-sample-stack',
},
'parameters': {
'VPCId': 'vpc-88d2a7ec',
'ScaleMinCapacity': '1',
'ScaleMaxCapacity': '1',
'InstanceType': 't2.micro',
'ELBDNSName': 'supercars',
'BaseStackName': 'infra-dev',
'DefaultInstancePolicyARN':
'lookup:stack:infra-dev:DefaultInstancePolicyARN',
'AMI': 'lookup:baseami'
}
}
}
_resolve_lookups(context, config, ['ssl', 'stack', 'secret', 'baseami'])
assert config['kumo'] == {
'stack': {
'StackName': 'gcdt-sample-stack',
},
'parameters': {
'VPCId': 'vpc-88d2a7ec',
'ScaleMinCapacity': '1',
'ScaleMaxCapacity': '1',
'InstanceType': 't2.micro',
'ELBDNSName': 'supercars',
'BaseStackName': 'infra-dev',
'DefaultInstancePolicyARN':
'arn:aws:iam::420189626185:policy/7f-managed/infra-dev-Defaultmanagedinstancepolicy-9G6XX1YXZI5O',
'AMI': 'ami-91307fe2'
}
}
def test_secret_lookup_continue_if_not_found(mock_get_secret, logcapture):
logcapture.level = logging.INFO
mock_get_secret.side_effect = ItemNotFound('not found, sorry')
context = {'_awsclient': 'my_awsclient', 'tool': 'ramuda'}
config = {'bazz_value': 'lookup:secret:foo.bar.bazz:CONTINUE_IF_NOT_FOUND'}
_resolve_lookups(context, config, ['secret'])
mock_get_secret.assert_called_once_with('my_awsclient',
'foo.bar.bazz',
region_name=None)
assert config.get('bazz_value') == \
'lookup:secret:foo.bar.bazz:CONTINUE_IF_NOT_FOUND'
records = list(logcapture.actual())
assert records[0][1] == 'WARNING'
assert records[0][2] == \
'lookup:secret \'foo.bar.bazz\' not found in credstash!'
def get_tooldata(awsclient,
tool,
command,
config=None,
config_base_name=None,
location=None):
"""Helper for main tests to assemble tool data.
used in testing to read from 'gcdt_<env>.json' files
:param awsclient:
:param tool:
:param command:
:param config: provide custom config or empty to read from file
:param config_base_name:
:param location:
:return:
"""
from gcdt_lookups.lookups import _resolve_lookups
if config is None:
if config_base_name is None:
config_base_name = 'gcdt'
if location is None:
location = '.'
env = get_env()
gcdt_config_file = os.path.join(location,
'%s_%s.json' % (config_base_name, env))
context = {'_awsclient': awsclient, 'tool': tool, 'command': command}
config = fix_old_kumo_config(read_json_config(gcdt_config_file))[tool]
_resolve_lookups(
context, config,
config.get('lookups', ['secret', 'ssl', 'stack', 'baseami']))
tooldata = {
'context': {
'tool': tool,
'command': command,
'version': __version__,
'user': '******',
'_awsclient': awsclient
},
'config': config
}
return tooldata
def test_read_config_mock_service_discovery_ssl(mock_get_ssl_certificate,
mock_get_outputs_for_stack):
mock_get_outputs_for_stack.return_value = {
'DefaultInstancePolicyARN': 'arn:aws:bla:blub',
}
# Mock Output (List SSL Certs)
mock_get_ssl_certificate.return_value = 'arn:aws:iam::11:server-certificate/cloudfront/2016/wildcard.dp.glomex.cloud-2016-03'
# sample from mes-proxy
context = {'_awsclient': 'my_awsclient', 'tool': 'ramuda'}
config = {
'DefaultInstancePolicyARN':
'lookup:stack:portal-dev:DefaultInstancePolicyARN',
'SSLCert': 'lookup:ssl:wildcard.glomex.com'
}
_resolve_lookups(context, config, ['ssl', 'stack'])
mock_get_outputs_for_stack.assert_called_once_with('my_awsclient',
'portal-dev', None)
mock_get_ssl_certificate.assert_called_once_with('my_awsclient',
'wildcard.glomex.com')
assert config.get('SSLCert') == \
'arn:aws:iam::11:server-certificate/cloudfront/2016/wildcard.dp.glomex.cloud-2016-03'
def test_secret_lookup(awsclient):
context = {'_awsclient': awsclient, 'tool': 'kumo'}
config = {'BaseAMIID': 'lookup:secret:ops.dev.base_ami'}
_resolve_lookups(context, config, ['secret'])
assert config.get('BaseAMIID') == 'ami-1370b36a'