def test_infra(sess_mock):
sess_mock.return_value = True
session = BotoSession()
infra = Infra('Test', session)
vpc_stack = infra.add_stack(vpc.VPCStack())
s3_one = infra.add_stack(s3.S3Stack('one'))
s3_two = infra.add_stack(s3.S3Stack('two'))
# test find stack
vpc_find = infra.find_stack(vpc.VPCStack)
assert isinstance(vpc_find, (vpc.VPCStack))
assert infra.find_stack(s3.S3Stack, 'one').stack_name == 'one'
assert infra.find_stack(s3.S3Stack, 'two').stack_name == 'two'
# test list_stacks
assert len(infra.list_stacks()) == 3
# test sub
sub = infra.create_sub_infra('sub')
sub_sub = sub.create_sub_infra('sub')
assert sub_sub.prefix == ['sub', 'sub']
def infra():
infra = Infra("test")
prod_infra = infra.create_sub_infra("prod")
iam_stack = prod_infra.add_stack(iam.IAMStack("roles"))
web_profile = iam_stack.add_role(iam.EC2AdminProfile("test"))
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
eip_stack = prod_infra.add_stack(eip.EIPStack("test"))
ebs_stack = prod_infra.add_stack(ebs.EBSStack("test", vpc_stack))
sns_stack = prod_infra.add_stack(sns.SNSTopicStack('test'))
return {
'infra': infra,
'prod_infra': prod_infra,
'iam_stack': iam_stack,
'web_profile': web_profile,
'vpc_stack': vpc_stack,
'eip_stack': eip_stack,
'ebs_stack': ebs_stack,
'sns_stack': sns_stack
}
def common_stacks(infra):
# add VPC Stack
vpc_stack = infra.add_stack(vpc.VPCStack())
# security groups
sf_sg = vpc_stack.add_security_group(vpc.SelfReferenceSecurityGroup())
ssh_sg = vpc_stack.add_security_group(vpc.SSHSecurityGroup("SSHAll"))
web_sg = vpc_stack.add_security_group(vpc.WebSecurityGroup("WebAll"))
# s3 stack
s3_stack = infra.add_stack(s3.S3Stack("MediaBuckets"))
pub_media_bucket = s3_stack.add_bucket(s3.S3Bucket("Media"))
pub_media_bucket.public = True
# iam stack
iam_stack = infra.add_stack(iam.IAMStack("BaseRoles"))
# ec2 profile
ec2_profile = iam_stack.add_role(iam.EC2Profile("WebServer"))
# give role write access to the s3 bucket
ec2_profile.add_policy(iam.S3FullBucketAccess(pub_media_bucket))
# create a user for codedeploy
codedeploy_user = iam_stack.add_user(iam.IAMUser('CodeDeoloyUser'))
# alarms
alarm_stack = infra.add_stack(alarms.AlarmStack("Alarms"))
alarm_stack.add_topic(sns_stack)
def test_ssh_sec_group(prod_infra):
infra = prod_infra[0]
prod_infra = prod_infra[1]
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
vpc_stack.num_azs = 3
ssh_sg = vpc_stack.add_security_group(vpc.SSHSecurityGroup("SSH"))
t = vpc_stack.build_template()
assert isinstance(ssh_sg, vpc.SSHSecurityGroup)
sg_dict = t.resources['SSHSecurityGroup'].to_dict()
assert sg_dict['Properties']['SecurityGroupIngress'][0]['ToPort'] == 22
assert sg_dict['Properties']['SecurityGroupIngress'][0]['FromPort'] == 22
assert sg_dict['Properties']['SecurityGroupIngress'][0][
'CidrIp'] == '0.0.0.0/0'
ssh_sg2 = vpc_stack.add_security_group(vpc.SSHSecurityGroup("SSH2"))
ssh_sg2.allow_cidr('1.2.3.4/5')
t = vpc_stack.build_template()
sg_dict = t.resources['SSH2SecurityGroup'].to_dict()
assert sg_dict['Properties']['SecurityGroupIngress'][0]['ToPort'] == 22
assert sg_dict['Properties']['SecurityGroupIngress'][0]['FromPort'] == 22
assert sg_dict['Properties']['SecurityGroupIngress'][0][
'CidrIp'] == '1.2.3.4/5'
assert ssh_sg.output_security_group() == "ProdTestVPCSSHSecurityGroup"
def test_infra():
infra = Infra('test')
test_infra = infra.create_sub_infra('test')
vpc_stack = test_infra.add_stack(vpc.VPCStack())
return {'infra': infra, 'test_infra': test_infra, 'vpc_stack': vpc_stack}
def test_nat_gateway(prod_infra):
infra = prod_infra[0]
prod_infra = prod_infra[1]
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
vpc_stack.num_azs = 3
eip_stack = prod_infra.add_stack(eip.EIPStack())
nat_eip = eip_stack.add_ip("NatEip")
# test eip introspection
with pytest.raises(Exception) as e:
vpc_stack.add_nat_gateway(eip_stack)
assert "EIP Instance" in str(e)
# try with real EIP
vpc_stack.add_nat_gateway(nat_eip)
t = vpc_stack.build_template()
res = t.resources
assert isinstance(res['NatGateway'], (troposphere.ec2.NatGateway))
print(res['NatGatewayRoute'].to_dict())
def test_infra():
infra = stackformation.Infra('test')
test_infra = infra.create_sub_infra('test')
vpc_stack = test_infra.add_stack(vpc.VPCStack())
return (infra, test_infra, vpc_stack)
def test_add_sec_group(prod_infra):
infra = prod_infra[0]
prod_infra = prod_infra[1]
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
vpc_stack.num_azs = 3
with pytest.raises(Exception) as e:
vpc_stack.add_security_group(infra)
def test_base_sec_group(prod_infra):
infra = prod_infra[0]
prod_infra = prod_infra[1]
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
vpc_stack.num_azs = 3
base_sg = vpc_stack.add_security_group(vpc.SecurityGroup('base'))
with pytest.raises(Exception) as e:
vpc_stack.build_template()
assert "Must implement" in str(e)
def test_find_sec_group(prod_infra):
infra = prod_infra[0]
prod_infra = prod_infra[1]
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
vpc_stack.num_azs = 3
ssh_sg = vpc_stack.add_security_group(vpc.SSHSecurityGroup("SSH"))
web_sg = vpc_stack.add_security_group(vpc.WebSecurityGroup("Web"))
find_ssh = vpc_stack.find_security_group(vpc.SSHSecurityGroup)
find_web = vpc_stack.find_security_group(vpc.WebSecurityGroup)
assert isinstance(find_ssh, vpc.SSHSecurityGroup)
assert isinstance(find_web, vpc.WebSecurityGroup)
def test_all_ports_sec_group(prod_infra):
infra = prod_infra[0]
prod_infra = prod_infra[1]
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
vpc_stack.num_azs = 3
ap_sg = vpc_stack.add_security_group(vpc.AllPortsSecurityGroup("Test"))
t = vpc_stack.build_template()
sg = t.resources['TestAllPortsSecurityGroup'].to_dict()
assert sg['Properties']['SecurityGroupIngress'][0]['ToPort'] == '-1'
assert sg['Properties']['SecurityGroupIngress'][0]['FromPort'] == '-1'
assert sg['Properties']['SecurityGroupIngress'][0]['CidrIp'] == '0.0.0.0/0'
def infra():
infra = Infra("test")
prod_infra = infra.create_sub_infra("prod")
iam_stack = prod_infra.add_stack(iam.IAMStack("roles"))
web_profile = iam_stack.add_role(iam.EC2AdminProfile("test"))
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
eip_stack = prod_infra.add_stack(eip.EIPStack("test"))
ebs_stack = prod_infra.add_stack(ebs.EBSStack("test", vpc_stack))
return (infra, prod_infra, iam_stack, web_profile, vpc_stack, eip_stack,
ebs_stack)
def test_vpc_stack(prod_infra):
infra = prod_infra[0]
prod_infra = prod_infra[1]
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
assert isinstance(vpc_stack, vpc.VPCStack)
t = vpc_stack.build_template()
assert len(vpc_stack.output_azs()) == 2
assert len(vpc_stack.output_private_subnets()) == 2
assert len(vpc_stack.output_public_subnets()) == 2
assert vpc_stack.output_vpc() == "ProdTestVPCVpcId"
assert vpc_stack.output_public_routetable(
) == "ProdTestVPCPublicRouteTable"
assert vpc_stack.output_private_routetable(
) == "ProdTestVPCPrivateRouteTable"
assert vpc_stack.output_default_acl_table() == "ProdTestVPCDefaultAclTable"
def test_web_sec_group(prod_infra):
infra = prod_infra[0]
prod_infra = prod_infra[1]
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
vpc_stack.num_azs = 3
web_sg = vpc_stack.add_security_group(vpc.WebSecurityGroup("Web"))
t = vpc_stack.build_template()
sg = t.resources['WebSecurityGroup'].to_dict()
assert sg['Properties']['SecurityGroupIngress'][0]['ToPort'] == 80
assert sg['Properties']['SecurityGroupIngress'][0]['FromPort'] == 80
assert sg['Properties']['SecurityGroupIngress'][0]['CidrIp'] == '0.0.0.0/0'
assert sg['Properties']['SecurityGroupIngress'][1]['ToPort'] == 443
assert sg['Properties']['SecurityGroupIngress'][1]['FromPort'] == 443
assert sg['Properties']['SecurityGroupIngress'][1]['CidrIp'] == '0.0.0.0/0'
assert web_sg.output_security_group() == "ProdTestVPCWebSecurityGroup"
def common_stacks(infra):
# create VPC
vpc_stack = infra.add_stack(vpc.VPCStack())