def test_process_ec2_subnets(self):
self.check.run()
self.assert_executed_ok()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
comp = top.assert_component(
components,
"subnet-9e4be5f9",
"aws.subnet",
checks={
"SubnetId": "subnet-9e4be5f9",
"Tags.Name": "demo-deployments",
"URN": ["arn:aws:ec2:{}:731070500579:subnet/{}".format("eu-west-1", "subnet-9e4be5f9")],
"Name": "demo-deployments-eu-west-1a",
},
)
self.assert_location_info(comp)
comp = top.assert_component(
components,
"subnet-12345678",
"aws.subnet",
checks={"SubnetId": "subnet-12345678", "Name": "subnet-12345678-eu-west-1a"},
)
top.assert_relation(relations, "subnet-9e4be5f9", "vpc-6b25d10e", "uses service")
top.assert_relation(relations, "subnet-12345678", "vpc-6b25d10e", "uses service")
top.assert_all_checked(components, relations)
def test_process_ec2_security_groups_order_has_no_influence_on_hash(self):
self.check.run()
self.assert_executed_ok()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
if sys.version_info.major == 3:
version_to_check = self.first_security_group_version_py3
else:
version_to_check = self.first_security_group_version_py2
top.assert_component(
components,
self.first_sg_group_id,
"aws.security-group",
checks={
"URN": ["arn:aws:ec2:{}:731070500579:security-group/{}".format("eu-west-1", self.first_sg_group_id)],
"Version": version_to_check,
"Name": "network-ALBSecurityGroupPublic-1DNVWX102724V",
},
)
top.assert_all_checked(components, relations, unchecked_components=48, unchecked_relations=49)
def test_process_firehose(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
firehose_arn_prefix = "arn:aws:firehose:eu-west-1:548105126730:deliverystream/"
top.assert_component(
components,
firehose_arn_prefix + "firehose_1",
"aws.firehose.delivery-stream",
checks={
"Name":
"firehose_1",
"DeliveryStreamARN":
firehose_arn_prefix + "firehose_1",
"Tags.SomeKey":
"SomeValue",
"CW.Dimensions": [{
"Key": "DeliveryStreamName",
"Value": "firehose_1"
}],
},
)
top.assert_component(
components,
firehose_arn_prefix + "firehose_2",
"aws.firehose.delivery-stream",
checks={
"Name":
"firehose_2",
"DeliveryStreamARN":
firehose_arn_prefix + "firehose_2",
"CW.Dimensions": [{
"Key": "DeliveryStreamName",
"Value": "firehose_2"
}],
},
)
top.assert_relation(
relations,
"arn:aws:kinesis:eu-west-1:548105126730:stream/stream_1",
firehose_arn_prefix + "firehose_1",
"uses-service",
)
top.assert_relation(relations, firehose_arn_prefix + "firehose_1",
"arn:aws:s3:::firehose-bucket_1", "uses-service")
top.assert_relation(relations, firehose_arn_prefix + "firehose_2",
"arn:aws:s3:::firehose-bucket_2", "uses-service")
top.assert_all_checked(components, relations)
def test_process_ecs_create_service(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
self.assertGreater(len(topology[0]["components"]), 0)
top.assert_component(
topology[0]["components"],
"arn:aws:ecs:eu-west-1:731070500579:cluster/default",
"aws.ecs.cluster")
def test_process_ec2_state_stopping(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
top.assert_component(
components,
"i-1234567890123456",
"aws.ec2",
checks={"InstanceId": "i-1234567890123456"},
)
def test_process_elb(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
events = aggregator.events
self.assertEqual(len(events),
2) # TODO nothing is checked on the events
top.assert_component(
components,
"arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/classic-loadbalancer-1",
"aws.elb_classic",
{
"LoadBalancerName":
"classic-loadbalancer-1",
"Tags.stackstate-environment":
"Production",
"URN": [
"arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/classic-loadbalancer-1"
],
},
)
top.assert_relation(
relations,
"arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/classic-loadbalancer-1",
"vpc-6b25d10e",
"uses service",
)
top.assert_relation(
relations,
"arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/classic-loadbalancer-1",
"sg-193aec7c",
"uses service",
)
top.assert_relation(
relations,
"arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/classic-loadbalancer-1",
"i-09388d5bfc0ab9e78",
"uses service",
)
top.assert_relation(
relations,
"arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/classic-loadbalancer-1",
"i-05b20853cc72c23c4",
"uses service",
)
top.assert_all_checked(components, relations)
def test_process_ec2_stop_instances(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
self.assertEqual(len(topology[0]["components"]), 1)
top.assert_component(
components,
"i-0f70dba7ea83d6dec",
"aws.ec2",
checks={"InstanceId": "i-0f70dba7ea83d6dec", "State": {"Code": 80, "Name": "stopped"}},
)
def test_process_ec2_start_instances(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
self.assertEqual(len(topology[0]["components"]), 1)
top.assert_component(
components,
"i-1234567890123456",
"aws.ec2",
checks={"InstanceId": "i-1234567890123456", "State": {"Code": 16, "Name": "running"}},
)
def test_process_ec2_modify_instance_attributes(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
self.assertEqual(len(topology[0]["components"]), 1)
top.assert_component(
components,
"i-1234567890123456",
"aws.ec2",
checks={"InstanceId": "i-1234567890123456", "InstanceType": "m6gd.medium"},
)
def test_process_ec2_run_instances(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
self.assertEqual(len(components), 1)
top.assert_component(
components,
"i-0f70dba7ea83d6dec",
"aws.ec2",
checks={"InstanceId": "i-0f70dba7ea83d6dec", "LaunchTime": "2018-04-16T08:01:08+00:00"},
)
def test_process_elbv2_create_target_group(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
self.assertEqual(len(topology[0]["components"]), 3)
components = topology[0]["components"]
top.assert_component(
components,
"arn:aws:elasticloadbalancing:eu-west-1:123456789012:targetgroup/"
+ "elvin-AlbEc-PYQ8ZCZDRD5E/6e2b19e842496efb",
"aws.elb_v2_target_group",
)
def test_process_kinesis(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
base_stream_arn = "arn:aws:kinesis:eu-west-1:731070500579:stream/"
top.assert_component(
components,
base_stream_arn + "stream_1",
"aws.kinesis.data-stream",
checks={
"Name": "stream_1",
"StreamDescriptionSummary.StreamARN": "arn:aws:kinesis:eu-west-1:731070500579:stream/stream_1",
"Tags.TestKey": "TestValue",
},
)
top.assert_component(
components, base_stream_arn + "stream_2", "aws.kinesis.data-stream", checks={"Name": "stream_2"}
)
top.assert_component(
components, base_stream_arn + "stream_3", "aws.kinesis.data-stream", checks={"Name": "stream_3"}
)
top.assert_component(
components, base_stream_arn + "stream_4", "aws.kinesis.data-stream", checks={"Name": "stream_4"}
)
top.assert_all_checked(components, relations)
def test_process_sns(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
base_target_id = "arn:aws:lambda:eu-west-1:731070500579:function:com-stackstate-prod-sam-seed-"
top.assert_relation(
relations,
"arn:aws:sns:eu-west-1:731070500579:my-topic-1",
base_target_id + "TopicHandler-11EWA2GN9YNLL",
"uses-service",
)
top.assert_relation(
relations,
"arn:aws:sns:eu-west-1:731070500579:my-topic-2",
base_target_id + "TopicHandler-21EWA2GN9YNLL",
"uses-service",
)
top.assert_relation(
relations,
"arn:aws:sns:eu-west-1:731070500579:my-topic-3",
base_target_id + "TopicHandler-31EWA2GN9YNLL",
"uses-service",
)
top.assert_relation(
relations,
"arn:aws:sns:eu-west-1:731070500579:my-topic-3",
base_target_id + "TopicHandler-41EWA2GN9YNLL",
"uses-service",
)
top.assert_relation(
relations,
"arn:aws:sns:eu-west-1:731070500579:my-topic-3",
"arn:aws:sqs:eu-west-1:731070500579:STS_stackpack_test",
"uses-service",
)
top.assert_component(
components,
"arn:aws:sns:eu-west-1:731070500579:my-topic-1",
"aws.sns.topic",
checks={
"TopicArn": "arn:aws:sns:eu-west-1:731070500579:my-topic-1",
"Name": "my-topic-1",
"Tags.SnsTagKey": "SnsTagValue",
"CW.Dimensions": [{"Key": "TopicName", "Value": "my-topic-1"}],
},
)
self.assert_location_info(topology[0]["components"][0])
top.assert_component(components, "arn:aws:sns:eu-west-1:731070500579:my-topic-2", "aws.sns.topic")
top.assert_component(components, "arn:aws:sns:eu-west-1:731070500579:my-topic-3", "aws.sns.topic")
top.assert_component(components, "arn:aws:sns:eu-west-1:731070500579:my-topic-4", "aws.sns.topic")
top.assert_all_checked(components, relations)
def test_process_ec2_state_stopping(self):
with patch(
"stackstate_checks.aws_topology.AwsTopologyCheck.must_run_full",
return_value=False):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_updated_ok()
components = topology[0]["components"]
top.assert_component(
components,
"i-1234567890123456",
"aws.ec2.instance",
checks={"InstanceId": "i-1234567890123456"},
)
def test_process_ec2_terminate_instances(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
self.assertEqual(len(topology[0]["components"]), 1)
top.assert_component(
components,
"i-0f70dba7ea83d6dec",
"aws.ec2",
checks={
"InstanceId": "i-0f70dba7ea83d6dec",
"StateTransitionReason": "User initiated (2018-04-16 19:07:25 GMT)",
},
)
def test_process_sqs(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
component = top.assert_component(
components,
"arn:aws:sqs:eu-west-1:731070500579:STS_stackpack_test",
"aws.sqs",
checks={
"Tags.a":
"b",
"Name":
"STS_stackpack_test",
"URN": [
"https://sqs.eu-west-1.amazonaws.com/731070500579/STS_stackpack_test"
],
"CW.Dimensions": [{
"Key": "QueueName",
"Value": "STS_stackpack_test"
}],
},
)
self.assert_location_info(component)
top.assert_all_checked(components, relations)
def test_process_ec2_vpcs(self):
self.check.run()
self.assert_executed_ok()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
comp = top.assert_component(
components,
"vpc-6b25d10e",
"aws.ec2.vpc",
checks={
"VpcId":
"vpc-6b25d10e",
"Name":
"vpc-6b25d10e",
"URN": [
"arn:aws:ec2:{}:731070500579:vpc/{}".format(
"eu-west-1", "vpc-6b25d10e")
],
},
)
self.assert_location_info(comp)
comp = top.assert_component(
components,
"vpc-12345678",
"aws.ec2.vpc",
checks={
"VpcId": "vpc-12345678",
"Name": "default",
},
)
comp = top.assert_component(
components,
"vpc-87654321",
"aws.ec2.vpc",
checks={
"VpcId": "vpc-87654321",
"Name": "MyVpc",
},
)
top.assert_all_checked(components, relations)
def test_process_elbv2_create_target_group(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_updated_ok()
self.assertEqual(len(topology[0]["components"]), 4)
components = topology[0]["components"]
top.assert_component(
components,
"arn:aws:elasticloadbalancing:eu-west-1:731070500579:targetgroup/myfirsttargetgroup/28ddec997ec55d21",
"aws.elb-v2.target-group",
)
self.assertEqual(
"arn:aws:elasticloadbalancing:eu-west-1:731070500579:" +
"loadbalancer/app/myfirstloadbalancer/90dd512583d2d7e9",
topology[0]["components"][0]["id"],
)
def test_process_route53_domain(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
top.assert_component(
components,
"stackstate.com",
"aws.route53.domain",
checks={
"URN": ["arn:aws:route53::731070500579:domain/stackstate.com"],
"Tags.Route53DomainTagKey": "Route53DomainTagValue",
"DomainName": "stackstate.com",
},
)
self.assert_location_info(topology[0]["components"][0])
top.assert_all_checked(components, relations)
def test_process_cloudformation_stack_relations(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
stack1 = (
"arn:aws:cloudformation:eu-west-1:731070500579:stack/stackstate-topo-publisher/"
+ "71ea3f80-9919-11e9-a261-0a99a68566c4")
stack2 = (
"arn:aws:cloudformation:eu-west-1:731070500579:stack/stackstate-topo-cwevents/"
+ "077bd960-9919-11e9-adb7-02135cc8443e")
top.assert_component(
components,
stack1,
"aws.cloudformation",
checks={
"LastUpdatedTime": "2019-06-27T20:23:43.548Z",
"StackName": "stackstate-topo-publisher"
},
)
top.assert_component(
components,
stack2,
"aws.cloudformation",
checks={
"LastUpdatedTime": "2019-06-27T20:20:45.336Z",
"StackName": "stackstate-topo-cwevents"
},
)
top.assert_relation(relations, stack2, stack1, "has resource")
top.assert_all_checked(components, relations)
def test_process_s3(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
target_id = (
"arn:aws:lambda:eu-west-1:731070500579:" +
"function:com-stackstate-prod-s-NotifyBucketEventsHandle-1W0B5NSZYJ3G1"
)
top.assert_component(
components,
"arn:aws:s3:::stackstate.com",
"aws.s3.bucket",
checks={
"Name": "stackstate.com",
"Tags.BucketTag": "TagValue",
"BucketLocation": "eu-west-1"
},
)
self.assert_location_info(topology[0]["components"][0])
top.assert_component(components,
"arn:aws:s3:::binx.io",
"aws.s3.bucket",
checks={"Name": "binx.io"})
top.assert_component(components,
"arn:aws:s3:::notags",
"aws.s3.bucket",
checks={
"Name": "notags",
"Tags": {},
"BucketLocation": "eu-west-1"
})
top.assert_relation(
relations,
"arn:aws:s3:::stackstate.com",
target_id,
"uses-service",
checks={"event_type": "s3:ObjectCreated:*"},
)
top.assert_relation(relations,
"arn:aws:s3:::binx.io",
target_id,
"uses-service",
checks={"event_type": "s3:ObjectRemoved:*"})
top.assert_relation(relations,
"arn:aws:s3:::notags",
target_id,
"uses-service",
checks={"event_type": "s3:ObjectCreated:*"})
top.assert_all_checked(components, relations)
def test_process_route53_hostedzone(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
top.assert_component(
components,
"Z4OKCQBA0VS63",
"aws.route53.hostedzone",
checks={
"Name": "serverless.nl",
"URN": ["arn:aws:route53:::hostedzone/Z4OKCQBA0VS63"],
"Tags.ResourceTagKey": "ResourceTagValue",
"HostedZone.Name": "serverless.nl.",
},
)
self.assert_location_info(topology[0]["components"][0])
top.assert_all_checked(components, relations)
def test_process_autoscaling(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
# TODO this needs to be fixed in go, delete_ids need to be passed
topology[0]["delete_ids"] = self.check.delete_ids
components = topology[0]["components"]
relations = topology[0]["relations"]
group_arn = (
"arn:aws:autoscaling:eu-west-1:731070500579:" +
"autoScalingGroup:e1155c2b-016a-40ad-8cba-2423c349574b:" +
"autoScalingGroupName/awseb-e-gwhbyckyjq-stack-AWSEBAutoScalingGroup-35ZMDUKHPCUM"
)
comp = top.assert_component(
components,
"awseb-e-gwhbyckyjq-stack-AWSEBAutoScalingGroup-35ZMDUKHPCUM",
"aws.autoscaling",
checks={
"AutoScalingGroupARN": group_arn,
"Name":
"awseb-e-gwhbyckyjq-stack-AWSEBAutoScalingGroup-35ZMDUKHPCUM",
"URN": [group_arn]
},
)
self.assert_location_info(comp)
top.assert_relation(
relations,
"arn:aws:elasticloadbalancing:eu-west-1:731070500579:loadbalancer/awseb-e-g-AWSEBLoa-1WTFTHM4EDGUX",
group_arn,
"uses service",
)
top.assert_relation(relations, group_arn, "i-063c119ff97e71b82",
"uses service")
top.assert_relation(relations, group_arn, "i-0928b13f776ba8e76",
"uses service")
top.assert_relation(relations, group_arn, "i-0ed02eb3eab5399fb",
"uses service")
self.assertEqual(len(topology[0]["delete_ids"]), 3)
top.assert_all_checked(components, relations)
def test_process_ec2_vpn_gateways(self):
self.check.run()
self.assert_executed_ok()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
comp = top.assert_component(
components,
"vgw-b8c2fccc",
"aws.vpngateway",
checks={
"VpnGatewayId": "vgw-b8c2fccc",
},
)
self.assert_location_info(comp)
top.assert_relation(relations, "vgw-b8c2fccc", "vpc-6b25d10e", "uses service")
top.assert_all_checked(components, relations)
def test_process_lambda(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
# Function
comp = top.assert_component(
components,
"arn:aws:lambda:eu-west-1:731070500579:function:com-stackstate-prod-sam-seed-PutHello-1LUD3ESBOR6EY",
"aws.lambda",
checks={
"FunctionName":
"com-stackstate-prod-sam-seed-PutHello-1LUD3ESBOR6EY",
"Tags.Group": "StackState"
},
)
self.assert_location_info(comp)
# lambda sts-xray-test-01
top.assert_component(
components,
"arn:aws:lambda:eu-west-1:731070500579:function:sts-xray-test-01",
"aws.lambda")
# Lambda sts-xray-test-01 has an alias
top.assert_component(
components,
"arn:aws:lambda:eu-west-1:731070500579:function:sts-xray-test-01:old",
"aws.lambda.alias",
checks={
"Function.FunctionName": "sts-xray-test-01",
"Name": "old"
},
)
# sts-xray-test-01 has vpcid
top.assert_relation(
relations,
"arn:aws:lambda:eu-west-1:731070500579:function:sts-xray-test-01",
"vpc-c6d073bf", "uses service")
# alias also has relation with vpcid
top.assert_relation(
relations,
"arn:aws:lambda:eu-west-1:731070500579:function:sts-xray-test-01:old",
"vpc-c6d073bf",
"uses service",
)
top.assert_component(
components,
"arn:aws:lambda:eu-west-1:731070500579:function:sts-xray-test-02",
"aws.lambda")
# Lambda sts-xray-test-02 has an alias
top.assert_component(
components,
"arn:aws:lambda:eu-west-1:731070500579:function:sts-xray-test-02:altnm",
"aws.lambda.alias",
checks={
"Function.FunctionName": "sts-xray-test-02",
"Name": "altnm"
},
)
top.assert_relation(
relations,
"arn:aws:lambda:eu-west-1:731070500579:function:com-stackstate-prod-PersonIdDynamoDBHandler-6KMIBXKKKCEZ",
"arn:aws:dynamodb:eu-west-1:731070500579:table/table_1/stream/2018-05-17T08:09:27.110",
"uses service",
)
top.assert_relation(
relations,
"arn:aws:lambda:eu-west-1:731070500579:function:com-stackstate-prod-PersonCreatedKinesisHand-19T8EJADX2DE",
"arn:aws:kinesis:eu-west-1:731070500579:stream/stream_1",
"uses service",
)
top.assert_all_checked(components, relations)
def test_process_ecs(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
# default cluster
comp = top.assert_component(
components,
"arn:aws:ecs:eu-west-1:731070500579:cluster/default",
"aws.ecs.cluster",
checks={
"Name": "default",
"Tags.stackstate-identifier": "sts-ecs-test",
"CW.Dimensions": [{
"Key": "ClusterName",
"Value": "default"
}],
},
)
self.assert_location_info(comp)
# ECS Cluster
top.assert_component(
components,
"arn:aws:ecs:eu-west-1:731070500579:cluster/StackState-ECS-Cluster",
"aws.ecs.cluster",
checks={
"Name":
"StackState-ECS-Cluster",
"Tags.StackstateIdentifier":
"camel-case-id",
"CW.Dimensions": [{
"Key": "ClusterName",
"Value": "StackState-ECS-Cluster"
}],
},
)
# service
top.assert_component(
components,
"arn:aws:ecs:eu-west-1:731070500579:service/sample-app-service",
"aws.ecs.service",
checks={
"Name":
"sample-app-service",
"CW.Dimensions": [
{
"Key": "ClusterName",
"Value": "default"
},
{
"Key": "ServiceName",
"Value": "sample-app-service"
},
],
"URN": [
"urn:service:/service-sample-app-service-sample-app",
"urn:service:/service-sample-app-service-xray-daemon",
],
},
)
# task
top.assert_component(
components,
"arn:aws:ecs:eu-west-1:731070500579:task/f89e69d0-0829-48b8-a503-c7b02a62fe9f",
"aws.ecs.task",
checks={
"Name":
"first-run-task-definition:2",
"URN": [
"urn:service-instance:/service-sample-app-service-sample-app:/10.0.0.53",
"urn:service-instance:/service-sample-app-service-xray-daemon:/10.0.0.54",
],
},
)
# default cluster has a service
top.assert_relation(
relations,
"arn:aws:ecs:eu-west-1:731070500579:cluster/default",
"arn:aws:ecs:eu-west-1:731070500579:service/sample-app-service",
"has_cluster_node",
)
# service has a task
top.assert_relation(
relations,
"arn:aws:ecs:eu-west-1:731070500579:service/sample-app-service",
"arn:aws:ecs:eu-west-1:731070500579:task/f89e69d0-0829-48b8-a503-c7b02a62fe9f",
"has_cluster_node",
)
# service has a lb targetgroup
top.assert_relation(
relations,
"arn:aws:ecs:eu-west-1:731070500579:service/sample-app-service",
"arn:aws:elasticloadbalancing:eu-west-1:731070500579:targetgroup/EC2Co-Defau-7HYSTVRX07KO/a7e4eb718fda7510",
"uses service",
)
# ECS cluster has an instance
top.assert_relation(
relations,
"arn:aws:ecs:eu-west-1:731070500579:cluster/StackState-ECS-Cluster",
"string", "uses_ec2_host")
top.assert_all_checked(components, relations)
def test_process_dynamodb(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
# table_1
top.assert_component(
components,
"arn:aws:dynamodb:eu-west-1:731070500579:table/table_1",
"aws.dynamodb.table",
checks={
"TableArn":
"arn:aws:dynamodb:eu-west-1:731070500579:table/table_1",
"Name": "table_1",
"CW.Dimensions": [{
"Key": "TableName",
"Value": "table_1"
}],
},
)
# table_1.stream
top.assert_component(
components,
"arn:aws:dynamodb:eu-west-1:731070500579:table/table_1/stream/2018-05-17T08:09:27.110",
"aws.dynamodb.streams",
checks={
"LatestStreamArn":
"arn:aws:dynamodb:eu-west-1:731070500579:" +
"table/table_1/stream/2018-05-17T08:09:27.110",
"Name":
"table_1/stream/2018-05-17T08:09:27.110",
"CW.Dimensions": [
{
"Key": "TableName",
"Value": "table_1"
},
{
"Key": "StreamLabel",
"Value": "2018-05-17T08:09:27.110"
},
],
},
)
# table_1 <-> stream
top.assert_relation(
relations,
"arn:aws:dynamodb:eu-west-1:731070500579:table/table_1",
"arn:aws:dynamodb:eu-west-1:731070500579:table/table_1/stream/2018-05-17T08:09:27.110",
"uses-service",
)
top.assert_component(
components,
"arn:aws:dynamodb:eu-west-1:731070500579:table/table_2",
"aws.dynamodb.table")
top.assert_component(
components,
"arn:aws:dynamodb:eu-west-1:731070500579:table/table_3",
"aws.dynamodb.table")
top.assert_component(
components,
"arn:aws:dynamodb:eu-west-1:731070500579:table/table_4",
"aws.dynamodb.table")
top.assert_all_checked(components, relations)
def test_process_stepfunctions(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
names = resource("json/cloudformation/names.json"
) # TODO move file to stepfunctions (=snapshot)
def get_id(name,
region="eu-west-1",
stack="stackstate-main-account-main-region"):
account = "548105126730"
res = names.get(account + "|" + region + "|" + stack + "|" + name)
if res:
if not res["id"].startswith("arn:aws:"):
arn = type_arn.get(res["type"])
if arn:
return arn(region=region,
account_id=account,
resource_id=res["id"])
else:
return "UNSUPPORTED_ARN-" + res["type"] + "-" + res[
"id"]
else:
return res["id"]
sfn_id = get_id("StepFunctionsStateMachine")
top.assert_component(components, sfn_id,
"aws.stepfunction.statemachine")
top.assert_component(components, get_id("StepFunctionsActivity"),
"aws.stepfunction.activity")
state_names = [
"Activity",
"ApiMap",
"ApiGateway",
"FakeChoice",
"FakeInput",
"Finish",
"NoFinish",
"ParallelRun",
"ECS",
"SNS",
"SQS",
"SQSSecondaryRegion",
"DynamoDB",
"Lambda",
"LambdaOldVersion",
]
for state_name in state_names:
top.assert_component(components, sfn_id + ":state/" + state_name,
"aws.stepfunction.state")
# starting state
top.assert_relation(relations, sfn_id, sfn_id + ":state/ParallelRun",
"uses service")
# parallel branch 1
top.assert_relation(relations, sfn_id + ":state/ParallelRun",
sfn_id + ":state/ECS", "uses service")
# parallel branch 2
top.assert_relation(relations, sfn_id + ":state/ParallelRun",
sfn_id + ":state/SNS", "uses service")
if True:
top.assert_relation(relations, sfn_id + ":state/SNS",
sfn_id + ":state/SQS", "uses service")
top.assert_relation(relations, sfn_id + ":state/SQS",
sfn_id + ":state/SQSSecondaryRegion",
"uses service")
# parallel branch 3
top.assert_relation(relations, sfn_id + ":state/ParallelRun",
sfn_id + ":state/Lambda", "uses service")
if True:
top.assert_relation(relations, sfn_id + ":state/Lambda",
sfn_id + ":state/LambdaOldVersion",
"uses service")
top.assert_relation(relations, sfn_id + ":state/LambdaOldVersion",
sfn_id + ":state/DynamoDB", "uses service")
top.assert_relation(relations, sfn_id + ":state/ParallelRun",
sfn_id + ":state/FakeInput", "uses service")
# iterator
top.assert_relation(relations, sfn_id + ":state/FakeInput",
sfn_id + ":state/ApiMap", "uses service")
if True:
top.assert_relation(relations, sfn_id + ":state/ApiMap",
sfn_id + ":state/ApiGateway", "uses service")
# choice
top.assert_relation(relations, sfn_id + ":state/ApiMap",
sfn_id + ":state/FakeChoice", "uses service")
if True:
top.assert_relation(relations, sfn_id + ":state/FakeChoice",
sfn_id + ":state/Finish", "uses service")
top.assert_relation(relations, sfn_id + ":state/FakeChoice",
sfn_id + ":state/Activity", "uses service")
# last
top.assert_relation(relations, sfn_id + ":state/Activity",
sfn_id + ":state/NoFinish", "uses service")
# 15 states
top.assert_relation(relations, sfn_id + ":state/SNS",
get_id("SnsTopic"), "uses service")
top.assert_relation(relations, sfn_id + ":state/SQS",
get_id("SqsQueue"), "uses service")
top.assert_relation(
relations,
sfn_id + ":state/SQSSecondaryRegion",
get_id("SqsQueue",
stack="stackstate-main-account-secondary-region",
region="us-east-1"),
"uses service",
)
top.assert_relation(relations, sfn_id + ":state/DynamoDB",
get_id("DynamoDbTable"), "uses service")
# TODO ApiGatewayV2 not yet supported (SO RELATION LEFT ALERTER)
# TODO also verify if this is OK to refer to the API stage here?
self.assertIn("UNSUPPORTED_ARN-AWS::ApiGatewayV2::",
get_id("ApiGatewayApi") + "/test")
# top.assert_relation(relations, sfn_id + ':state/ApiGateway', get_id('ApiGatewayApi') + '/test')
top.assert_relation(relations, sfn_id + ":state/Lambda",
get_id("LambdaFunction"), "uses service")
top.assert_relation(relations, sfn_id + ":state/LambdaOldVersion",
get_id("LambdaFunction"), "uses service")
top.assert_relation(relations, sfn_id + ":state/ECS",
get_id("EcsTaskDefinition"), "uses service")
top.assert_relation(relations, sfn_id + ":state/ECS",
get_id("EcsCluster"), "uses service")
top.assert_relation(relations, sfn_id + ":state/Activity",
get_id("StepFunctionsActivity"), "uses service")
# TODO IAM not yet supported (SO RELATION LEFT ALERTER)
self.assertIn("UNSUPPORTED_ARN-AWS::IAM::",
get_id("StepFunctionsIamRole"))
# top.assert_relation(relations, sfn_id, get_id('StepFunctionsIamRole'))
self.assertEqual(len(topology[0]["relations"]), 26)
top.assert_all_checked(components, relations, unchecked_relations=2)
def test_process_apigateway(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
api_arn = "arn:aws:execute-api:eu-west-1:731070500579:api_1"
stage_arn_prefix = "arn:aws:execute-api:eu-west-1:731070500579:api_1/stage{}"
resource_arn_prefix = "arn:aws:execute-api:eu-west-1:731070500579:api_1/stage{}/*/hello"
method_arn_prefix = "arn:aws:execute-api:eu-west-1:731070500579:api_1/stage{}/{}/hello"
lambda_arn_prefix = "arn:aws:lambda:eu-west-1:731070500579:function:{}"
sqs_arn = "arn:aws:sqs:eu-west-1:508573134510:STS_stackpack_test"
# we have 2 stages
for n in range(0, 2):
# each state has 1 stage + 5 methods + 1 resource + 1 integration = 8*2 = 16 components
# stage
comp = top.assert_component(
components,
stage_arn_prefix.format(n + 1),
"aws.apigateway.stage",
checks={
"RestApiName":
"api_1",
"CW.Dimensions": [
{
"Key": "Stage",
"Value": "stage{}".format(n + 1)
},
{
"Key": "ApiName",
"Value": "api_1"
},
],
},
)
if n == 0:
self.assertEqual(comp["data"]["Tags"]["StageTagKey1"],
"StageTagValue1")
# resource
top.assert_component(
components,
resource_arn_prefix.format(n + 1),
"aws.apigateway.resource",
checks={
"Path":
"/hello",
"CW.Dimensions": [
{
"Key": "Stage",
"Value": "stage{}".format(n + 1)
},
{
"Key": "ApiName",
"Value": "api_1"
},
],
},
)
top.assert_component(
components,
method_arn_prefix.format(n + 1, "DELETE"),
"aws.apigateway.method",
checks={
"HttpMethod":
"DELETE",
"CW.Dimensions": [
{
"Key": "Method",
"Value": "DELETE"
},
{
"Key": "Resource",
"Value": "/hello"
},
{
"Key": "Stage",
"Value": "stage{}".format(n + 1)
},
{
"Key": "ApiName",
"Value": "api_1"
},
],
},
)
top.assert_component(
components,
method_arn_prefix.format(n + 1, "GET"),
"aws.apigateway.method",
checks={
"HttpMethod":
"GET",
"CW.Dimensions": [
{
"Key": "Method",
"Value": "GET"
},
{
"Key": "Resource",
"Value": "/hello"
},
{
"Key": "Stage",
"Value": "stage{}".format(n + 1)
},
{
"Key": "ApiName",
"Value": "api_1"
},
],
},
)
top.assert_component(
components,
method_arn_prefix.format(n + 1, "PATCH"),
"aws.apigateway.method",
checks={
"HttpMethod":
"PATCH",
"CW.Dimensions": [
{
"Key": "Method",
"Value": "PATCH"
},
{
"Key": "Resource",
"Value": "/hello"
},
{
"Key": "Stage",
"Value": "stage{}".format(n + 1)
},
{
"Key": "ApiName",
"Value": "api_1"
},
],
},
)
top.assert_component(
components,
method_arn_prefix.format(n + 1, "POST"),
"aws.apigateway.method",
checks={
"HttpMethod":
"POST",
"CW.Dimensions": [
{
"Key": "Method",
"Value": "POST"
},
{
"Key": "Resource",
"Value": "/hello"
},
{
"Key": "Stage",
"Value": "stage{}".format(n + 1)
},
{
"Key": "ApiName",
"Value": "api_1"
},
],
},
)
top.assert_component(components, "urn:service:/84.35.236.89",
"aws.apigateway.method.http.integration")
top.assert_component(
components,
method_arn_prefix.format(n + 1, "PUT"),
"aws.apigateway.method",
checks={
"HttpMethod":
"PUT",
"CW.Dimensions": [
{
"Key": "Method",
"Value": "PUT"
},
{
"Key": "Resource",
"Value": "/hello"
},
{
"Key": "Stage",
"Value": "stage{}".format(n + 1)
},
{
"Key": "ApiName",
"Value": "api_1"
},
],
},
)
top.assert_component(components, api_arn, "aws.apigateway")
# we have 2 stages
relations = topology[0]["relations"]
for n in range(1, 3):
top.assert_relation(relations, api_arn, stage_arn_prefix.format(n),
"has resource")
top.assert_relation(relations, stage_arn_prefix.format(n),
resource_arn_prefix.format(n), "uses service")
top.assert_relation(relations, resource_arn_prefix.format(n),
method_arn_prefix.format(n, "PATCH"),
"uses service")
top.assert_relation(relations,
method_arn_prefix.format(n, "PATCH"), sqs_arn,
"uses service")
top.assert_relation(relations, resource_arn_prefix.format(n),
method_arn_prefix.format(n, "PUT"),
"uses service")
top.assert_relation(
relations,
method_arn_prefix.format(n, "PUT"),
lambda_arn_prefix.format("PutHello-1LUD3ESBOR6EY"),
"uses service",
)
top.assert_relation(relations, resource_arn_prefix.format(n),
method_arn_prefix.format(n, "POST"),
"uses service")
top.assert_relation(relations, method_arn_prefix.format(n, "POST"),
"urn:service:/84.35.236.89", "uses service")
top.assert_relation(relations, resource_arn_prefix.format(n),
method_arn_prefix.format(n, "GET"),
"uses service")
top.assert_relation(
relations,
method_arn_prefix.format(n, "GET"),
lambda_arn_prefix.format("GetHello-1CZ5O92284Z69"),
"uses service",
)
top.assert_relation(relations, resource_arn_prefix.format(n),
method_arn_prefix.format(n, "DELETE"),
"uses service")
top.assert_relation(
relations,
method_arn_prefix.format(n, "DELETE"),
lambda_arn_prefix.format("DeleteHello-1LDFJCU54ZL5"),
"uses service",
)
top.assert_all_checked(components, relations, unchecked_components=1)
def test_process_rds(self):
self.check.run()
topology = [top.get_snapshot(self.check.check_id)]
self.assertEqual(len(topology), 1)
self.assert_executed_ok()
components = topology[0]["components"]
relations = topology[0]["relations"]
# cluster
top.assert_component(
components,
"arn:aws:rds:eu-west-1:731070500579:cluster:productiondatabasecluster",
"aws.rds_cluster",
checks={
"DBClusterArn":
"arn:aws:rds:eu-west-1:731070500579:cluster:productiondatabasecluster",
"Name":
"arn:aws:rds:eu-west-1:731070500579:cluster:productiondatabasecluster",
"CW.Dimensions": [{
"Key": "DBClusterIdentifier",
"Value": "productiondatabasecluster"
}],
"Tags.testing":
"test",
},
)
# instance 1
top.assert_component(
components,
"arn:aws:rds:eu-west-1:731070500579:db:productiondatabase",
"aws.rds_instance",
)
# instance 2
top.assert_component(
components,
"arn:aws:rds:eu-west-1:731070500579:db:productiondatabase-eu-west-1c",
"aws.rds_instance",
checks={
"DBInstanceIdentifier":
"productiondatabase-eu-west-1c",
"Name":
"productiondatabase-eu-west-1c",
"CW.Dimensions": [{
"Key": "DBInstanceIdentifier",
"Value": "productiondatabase-eu-west-1c"
}],
"URN": [
"urn:endpoint:/productiondatabase-eu-west-1c.cdnm1uvvpdkc.eu-west-1.rds.amazonaws.com"
],
},
)
# cluster <-> instance-1
top.assert_relation(
relations,
"arn:aws:rds:eu-west-1:731070500579:cluster:productiondatabasecluster",
"arn:aws:rds:eu-west-1:731070500579:db:productiondatabase",
"has_cluster_node",
)
# cluster <-> instance-2
top.assert_relation(
relations,
"arn:aws:rds:eu-west-1:731070500579:cluster:productiondatabasecluster",
"arn:aws:rds:eu-west-1:731070500579:db:productiondatabase-eu-west-1c",
"has_cluster_node",
)
# instance-1 <-> vpc
top.assert_relation(
relations,
"arn:aws:rds:eu-west-1:731070500579:db:productiondatabase",
"vpc-6b25d10e", "uses service")
# instance-1 <-> security group
top.assert_relation(
relations,
"arn:aws:rds:eu-west-1:731070500579:db:productiondatabase",
"sg-053ecf78", "uses service")
# instance-1 <-> vpc
top.assert_relation(
relations,
"arn:aws:rds:eu-west-1:731070500579:db:productiondatabase-eu-west-1c",
"vpc-6b25d10e",
"uses service",
)
# instance-1 <-> security group
top.assert_relation(
relations,
"arn:aws:rds:eu-west-1:731070500579:db:productiondatabase-eu-west-1c",
"sg-053ecf78",
"uses service",
)
top.assert_all_checked(components, relations)
