def test_templateCF_GenericLambdaEvents(self): resources = { 'lambda_events': { 'testLambdaEvent': { 'batchsize': '100', 'enabled': 'true', 'sourcearn': 'someArn', 'lambda': 'lambdaFunctionName', 'startingposition': "LATEST", }, }, } expected = { "testLambdaEvent": { "Type": "AWS::Lambda::EventSourceMapping", "Properties": { "BatchSize": "100", "Enabled": "true", "EventSourceArn": "someArn", "FunctionName": "lambdaFunctionName", "StartingPosition": "LATEST" } } } actual = templateCF(resources, 'resources') self.maxDiff = None self.assertDictEqual(actual, expected)
def test_templateCF_RestAPI(self): resources = { 'apigateway': { 'testapi': { 'name': API_NAME, 'description': 'test description', 'failOnWarnings': True, 'deployments': { 'deployment': {}, }, } } } expected = { 'testapi': { 'Type': 'AWS::ApiGateway::RestApi', 'Properties': { 'Description': 'test description', 'FailOnWarnings': 'true', 'Name': API_NAME, }, }, 'deployment': DEFAULT_API_DEPLOYMENT, } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_TestEvent(self): target = { 'id': 'fooId', 'arn': 'fooRef', } resources = { 'events': { 'testevent': { 'name': EVENT_NAME, 'description': 'test description', 'schedule': 'rate(10 minutes)', 'targets': [target], } } } testevent = resources['events']['testevent'] expected = { 'testevent': { 'Type': 'AWS::Events::Rule', 'Properties': { 'ScheduleExpression': testevent['schedule'], 'Targets': [ { 'Id': target['id'], 'Arn': {'Fn::GetAtt': [target['arn'], "Arn"]}, } ], 'Description': testevent['description'], 'Name': testevent['name'], }, } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_EFSMount(self): resources = { 'efsmount': { 'testefsmount': { 'filesystemid': 'testfsid', 'ipaddress': '1.2.3.4', 'securitygroupid': 'sg-1234567', 'subnetid': 'sub-1234567' } } } expected = { 'testefsmount': { 'Type': 'AWS::EFS::MountTarget', 'Properties': { 'FileSystemId': { 'Fn::ImportValue': { 'Fn::Sub': [ '${EFSStack}-EFS-testfsid', { 'EFSStack': { 'Ref': 'EFSStack' } } ] } }, 'IpAddress': '1.2.3.4', 'SecurityGroups': [ { 'Fn::ImportValue': { 'Fn::Sub': [ '${SecurityStack}-SecGroup-sg-1234567', { 'SecurityStack': { 'Ref': 'SecurityStack' } } ] } } ], 'SubnetId': { 'Fn::ImportValue': { 'Fn::Sub': [ '${VPCStack}-Subnet-sub-1234567', { 'VPCStack': { 'Ref': 'VPCStack' } } ] } } } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_Athena_NamedQuery(self): resources = { "athena_namedquery": { "samplequery": { "description": "samplequery", "querystring": "SELECT workflowname, AVG(activitytaskstarted) AS AverageWorkflow FROM swfmetadata WHERE year='17' AND GROUP BY workflowname ORDER BY AverageWorkflow DESC LIMIT 10", "database": "sampledb", "name": "SampleQuery" } } } expected = { "samplequery": { "Properties": { "Database": "sampledb", "Description": "samplequery", "Name": "SampleQuery", "QueryString": "SELECT workflowname, AVG(activitytaskstarted) AS AverageWorkflow FROM swfmetadata WHERE year='17' AND GROUP BY workflowname ORDER BY AverageWorkflow DESC LIMIT 10" }, "Type": "AWS::Athena::NamedQuery" } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_EFS(self): resources = { 'efs': { 'testefs': { 'tags': { 'tagname1': 'tagval1', 'tagname2': 'tagval2' }, 'performancemode': 'generalPurpose' } } } expected = { 'testefs': { 'Type': 'AWS::EFS::FileSystem', 'Properties': { 'FileSystemTags': [ { 'Key': 'tagname2', 'Value': 'tagval2' }, { 'Key': 'tagname1', 'Value': 'tagval1' } ], 'PerformanceMode': 'generalPurpose' } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_RedshiftParametersGroup(self): resources = { 'redshift_paramsgroup': { 'testparamgroup': { 'description': 'someparamgroup', 'groupfamily': 'aurora5.6', 'parameters': { 'testparamname1': 'testparamval1', 'testparamname2': 'testparamval2' } } } } expected = { 'testparamgroup': { 'Type': 'AWS::Redshift::ClusterParameterGroup', 'Properties': { 'Description': 'someparamgroup', 'ParameterGroupFamily': 'aurora5.6', 'Parameters': [{ 'ParameterName': 'testparamname1', 'ParameterValue': 'testparamval1' }, { 'ParameterName': 'testparamname2', 'ParameterValue': 'testparamval2' }] } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_EIP(self): resources = {'eip': {'test1', 'test2.3-4'}} expected = { 'test1EIP': { 'Type': 'AWS::EC2::EIP', 'Properties': { 'InstanceId': { 'Ref': 'test1' }, 'Domain': 'vpc' } }, 'test234EIP': { 'Type': 'AWS::EC2::EIP', 'Properties': { 'InstanceId': { 'Ref': 'test234' }, 'Domain': 'vpc' } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_GenericDynamoDbTables(self): resources = { 'dynamodb_tables': { 'testTable': { 'name': 'testTable', 'attributes': [{ 'name': 'keyAttribute', 'type': 'S' }], 'key_schema': [ { 'name': 'keyAttribute', 'type': 'HASH' }, ], 'throughput': { 'read_units': 10, 'write_units': 1 }, 'stream': { 'type': "NEW_IMAGE" }, }, }, } expected = { "testTable": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "keyAttribute", "AttributeType": "S" }, ], "KeySchema": [ { "AttributeName": "keyAttribute", "KeyType": "HASH" }, ], "ProvisionedThroughput": { "ReadCapacityUnits": "10", "WriteCapacityUnits": "1" }, "StreamSpecification": { "StreamViewType": "NEW_IMAGE" }, "TableName": "testTable" } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_DMSSubnet(self): resources = { 'dms_subnetgroup': { 'TestDMSSubnetGroup': { 'description': 'Some Description...', 'subnets': ['testsubnet1', 'testsubnet2'], 'tags': { 'testtagkey1': 'testtagval1', 'testtagkey2': 'testtagval2' } } } } expected = { 'TestDMSSubnetGroup': { 'Type': 'AWS::DMS::ReplicationSubnetGroup', 'Properties': { 'ReplicationSubnetGroupIdentifier': 'TestDMSSubnetGroup', 'ReplicationSubnetGroupDescription': 'Some Description...', 'SubnetIds': [{ "Fn::ImportValue": { "Fn::Sub": [ "${VPCStack}-Subnet-testsubnet1", { "VPCStack": { "Ref": "VPCStack" } } ] } }, { "Fn::ImportValue": { "Fn::Sub": [ "${VPCStack}-Subnet-testsubnet2", { "VPCStack": { "Ref": "VPCStack" } } ] } }], 'Tags': [{ 'Key': 'testtagkey1', 'Value': 'testtagval1' }, { 'Key': 'testtagkey2', 'Value': 'testtagval2' }] } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_ConfigRule(self): resources = { 'config_rule': { 'ConfigPublicPortCheck': { 'name': 'ConfigPublicPortCheck', 'description': 'Check for Public Ports on Security Groups', 'inputparams': { "AllowedPorts": [80, 443] }, 'maxfrequency': 'One_Hour', 'source': { 'owner': 'CUSTOM_LAMBDA', 'details': { 'aws.config': { 'frequency': 'One_Hour', 'messagetype': 'ScheduledNotification' } }, 'sourceid': 'configpublicportscheck' } } } } expected = { "ConfigPublicPortCheck": { "Properties": { "ConfigRuleName": "ConfigPublicPortCheck", "Description": "Check for Public Ports on Security Groups", "InputParameters": { "AllowedPorts": [80, 443] }, "MaximumExecutionFrequency": "One_Hour", "Source": { "Owner": "CUSTOM_LAMBDA", "SourceDetails": [{ "EventSource": "aws.config", "MaximumExecutionFrequency": "One_Hour", "MessageType": "ScheduledNotification" }], "SourceIdentifier": "configpublicportscheck" } }, "Type": "AWS::Config::ConfigRule" } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_ElastiCache(self): resources = { 'elasticache': { 'SimpleElastiCache': { 'name': 'some redis', 'cacheSubnetGroup': 'subnetGroup1', 'secgroups': ['securityGroup1'] } } } expected = { 'SimpleElastiCache': { 'Type': 'AWS::ElastiCache::CacheCluster', 'Properties': { 'CacheNodeType': 'cache.t2.micro', 'ClusterName': 'some redis', 'Engine': 'redis', 'NumCacheNodes': 1, 'CacheSubnetGroupName': { 'Fn::ImportValue': { 'Fn::Sub': [ '${CacheSubnetStack}-ElastiCache-subnetGroup1-Subnet', { 'CacheSubnetStack': { 'Ref': 'CacheSubnetStack' } } ] } }, 'VpcSecurityGroupIds': [{ 'Fn::ImportValue': { 'Fn::Sub': [ '${SecurityStack}-SecGroup-securityGroup1', { 'SecurityStack': { 'Ref': 'SecurityStack' } } ] } }] } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_Route53Zone(self): resources = { 'route53_zone': { 'testr53zone': { 'name': 'example.com', 'comment': 'testzonecomment', 'hostedzone': { 'Name': 'testname', 'Tag2': 'testtagstuff' }, 'vpcs': { 'vpc-12345678': 'ap-southeast-2', 'vpc-87654321': 'us-west-2' } } } } expected = { 'testr53zone': { 'Type': 'AWS::Route53::HostedZone', 'Properties': { 'HostedZoneConfig': { 'Comment': 'testzonecomment' }, 'HostedZoneTags': [ { 'Key': 'Name', 'Value': 'testname' }, { 'Key': 'Tag2', 'Value': 'testtagstuff' } ], 'VPCs': [ { 'VPCId': 'vpc-87654321', 'VPCRegion': 'us-west-2' }, { 'VPCId': 'vpc-12345678', 'VPCRegion': 'ap-southeast-2' } ], 'Name': 'example.com' } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_ElastiCacheSubnet(self): resources = { 'elasticachesubnet': { 'TestElastiCacheSubnet': { 'name': 'Some Name', 'description': 'Some Description...', 'subnets': ['testsubnet1', 'testsubnet2'] } } } expected = { 'TestElastiCacheSubnet': { 'Type': 'AWS::ElastiCache::SubnetGroup', 'Properties': { 'CacheSubnetGroupName': 'Some Name', 'Description': 'Some Description...', 'SubnetIds': [{ "Fn::ImportValue": { "Fn::Sub": [ "${VPCStack}-Subnet-testsubnet1", { "VPCStack": { "Ref": "VPCStack" } } ] } }, { "Fn::ImportValue": { "Fn::Sub": [ "${VPCStack}-Subnet-testsubnet2", { "VPCStack": { "Ref": "VPCStack" } } ] } }] } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_SNSTopicPolicy(self): resources = { 'snstopic': { 'test1': { 'policy': 'snsTopicPolicyDocument1', 'topics': [ 'topic1', 'topic2' ] } } } expected = { 'test1': { 'Type': 'AWS::SNS::TopicPolicy', 'Properties': { 'PolicyDocument': 'snsTopicPolicyDocument1', 'Topics': [{ 'Fn::ImportValue': { 'Fn::Sub': [ '${SNSStack}-SNS-topic1', { 'SNSStack': { 'Ref': 'SNSStack' } } ] } }, { 'Fn::ImportValue': { 'Fn::Sub': [ '${SNSStack}-SNS-topic2', { 'SNSStack': { 'Ref': 'SNSStack' } } ] } }] } } } self.maxDiff = None actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_ACM(self): resources = { "certificatemanager": { "shopkablamocomau": { "domainname": "shop.kablamo.com.au", "domainvalidationoptions": { "shop.kablamo.com.au": "kablamo.com.au", "www.shop.kablamo.com.au": "kablamo.com.au" }, "subjectalternativenames": ["www.shop.kablamo.com.au"], "tags": { "Name": "Shop Certificate" } } } } expected = { "shopkablamocomau": { "Properties": { "DomainName": "shop.kablamo.com.au", "DomainValidationOptions": [{ "DomainName": "www.shop.kablamo.com.au", "ValidationDomain": "kablamo.com.au" }, { "DomainName": "shop.kablamo.com.au", "ValidationDomain": "kablamo.com.au" }], "SubjectAlternativeNames": ["www.shop.kablamo.com.au"], "Tags": [{ "Key": "Name", "Value": "Shop Certificate" }] }, "Type": "AWS::CertificateManager::Certificate" } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_DMSInstance(self): resources = { 'dms_instance': { 'myDMS': { 'replicationinstanceclass': 'dms.t2.small' }, }, } expected = { "myDMSInstance": { "Type": "AWS::DMS::ReplicationInstance", "Properties": { "ReplicationInstanceClass": "dms.t2.small" } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_RedshiftSubnetGroup(self): resources = { 'redshift_subnetgroup': { 'testsubnetgroup': { 'description': 'somesubnetgroup', 'subnets': ['subnet1', 'subnet2'] } } } expected = { 'testsubnetgroup': { 'Type': 'AWS::Redshift::ClusterSubnetGroup', 'Properties': { 'Description': 'somesubnetgroup', 'SubnetIds': [{ "Fn::ImportValue": { "Fn::Sub": [ "${VPCStack}-Subnet-subnet1", { "VPCStack": { "Ref": "VPCStack" } } ] } }, { "Fn::ImportValue": { "Fn::Sub": [ "${VPCStack}-Subnet-subnet2", { "VPCStack": { "Ref": "VPCStack" } } ] } }] } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_RDSParameterGroup(self): resources = { 'rdsparamsgroup': { 'TestRDSParamGroup': { 'description': 'Some Description...', 'family': 'MySQL5.1', 'parameters': { 'testparamkey1': 'testparamval1', 'testparamkey2': 'testparamval2' }, 'tags': { 'testtagkey1': 'testtagval1', 'testtagkey2': 'testtagval2' } } } } expected = { 'TestRDSParamGroup': { 'Type': 'AWS::RDS::DBParameterGroup', 'Properties': { 'Description': 'Some Description...', 'Family': 'MySQL5.1', 'Parameters': { 'testparamkey1': 'testparamval1', 'testparamkey2': 'testparamval2' }, 'Tags': [{ 'Key': 'testtagkey1', 'Value': 'testtagval1' }, { 'Key': 'testtagkey2', 'Value': 'testtagval2' }] } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_Methods(self): method = { 'apiKeyRequired': True, 'authorizationType': 'NONE', 'authorizerId': 'authID', 'httpMethod': 'ANY', 'resource': 'testResource', } resources = { 'apigateway': { 'testapi': { 'name': API_NAME, 'methods': { 'testGetMethod': method, }, 'deployments': { 'deployment': {}, }, } } } expected = { 'testapi': DEFAULT_API, 'deployment': DEFAULT_API_DEPLOYMENT, 'testGetMethod': { 'Type': "AWS::ApiGateway::Method", 'Properties': { 'ApiKeyRequired': 'true', 'AuthorizationType': method['authorizationType'], 'AuthorizerId': method['authorizerId'], 'HttpMethod': method['httpMethod'], 'ResourceId': { 'Ref': method['resource'] }, 'RestApiId': { 'Ref': 'testapi' }, } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_Outputs(self): resources = { 'apigateway': { 'testapi': {}, } } expected = { 'testapi': { 'Export': { 'Name': { 'Fn::Sub': '${AWS::StackName}-API-testapi' } }, 'Value': { 'Ref': 'testapi' }, 'Description': 'testapi API gateway', }, } actual = templateCF(resources, 'outputs') self.assertDictEqual(actual, expected)
def test_templateCF_KMS(self): resources = { 'kms': { 'testkey': { 'description': 'testkeydescription', 'enabled': True, 'rotation': True, 'policy': '{ "somejsonobj": "something" }', 'aliasname': 'testkeyalias' } } } expected = { 'testkey': { 'Type': 'AWS::KMS::Key', 'Properties': { 'Description': 'testkeydescription', 'Enabled': 'true', 'EnableKeyRotation': 'true', 'KeyPolicy': { 'somejsonobj': 'something' } } }, 'testkeyAlias': { 'Type': 'AWS::KMS::Alias', 'Properties': { 'AliasName': 'alias/testkeyalias', 'TargetKeyId': { 'Ref': 'testkey' } } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_SQS(self): resources = { 'sqs': { 'testQueue': { 'name': 'testQueueName', 'delay': 20, 'maxsize': 10, 'retention': 1024, 'waittime': 30, 'redirectpolicy': { 'deadletterqueue': 'abc', 'count': 3 }, 'visibilitytimeout': 60 } } } expected = { "testQueue": { "Type": "AWS::SQS::Queue", "Properties": { "DelaySeconds": "20", "MaximumMessageSize": "10", "MessageRetentionPeriod": "1024", "QueueName": "testQueueName", "ReceiveMessageWaitTimeSeconds": "30", "RedrivePolicy": { "deadLetterTargetArn": {"Fn::GetAtt": ["abc", "Arn"]}, "maxReceiveCount": "3" }, "VisibilityTimeout": "60" } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_RedshiftCluster(self): resources = { 'redshift': { 'simplecluster': { 'clustersubnetgroupname': 'testclustersubnetgroupname', 'dbname': 'testdbname', 'masterusername': '******', 'nodetype': 'dw.hs1.xlarge', 'maintenancewindow': '21:30-22:00', 'secgroupid': ['sg-1234567'] }, 'complexcluster': { 'allowupgrade': True, 'automatedsnapshotretentionperiod': 300, 'az': 'ap-southeast-2c', 'clusterparamsgroup': 'testclusterparamsgroup', 'clustersubnetgroupname': 'testclustersubnetgroupname', 'clustertype': 'multi-node', 'clusterversion': '1.2.3', 'dbname': 'testdbname', 'eip': '1.2.3.4', 'encrypted': False, 'hsmclientcertificateidentifier': 'testhsmclientcertid', 'hsmconfigurationidentifier': 'testhsmconfigid', 'iamroles': ['iamrole1', 'iamrole2'], 'kmskeyid': 'testkmskeyid', 'masterusername': '******', 'nodetype': 'dw.hs1.xlarge', 'numberofnodes': 4, 'owneraccount': '123456789012', 'port': '45439', 'maintenancewindow': '21:30-22:00', 'public': True, 'snapshotidentifier': 'snap-12345678', 'snapshotclusteridentifier': 'snap-87654321', 'secgroupid': ['sg-1234567', 'sg-7654321'] } } } expected = { 'simplecluster': { 'Type': 'AWS::Redshift::Cluster', 'Properties': { 'ClusterSubnetGroupName': { 'Fn::ImportValue': { 'Fn::Sub': [ '${RedshiftSubnetGroupStack}-Subnet-testclustersubnetgroupname', { 'RedshiftSubnetGroupStack': { 'Ref': 'RedshiftSubnetGroupStack' } } ] } }, 'DBName': 'testdbname', 'Encrypted': 'true', 'MasterUsername': '******', 'MasterUserPassword': { 'Ref': 'DBPassword' }, 'NodeType': 'dw.hs1.xlarge', 'Port': 5439, 'PreferredMaintenanceWindow': '21:30-22:00', 'PubliclyAccessible': 'false', 'VpcSecurityGroupIds': ['sg-1234567'] } }, 'complexcluster': { 'Type': 'AWS::Redshift::Cluster', 'Properties': { 'AllowVersionUpgrade': 'true', 'AutomatedSnapshotRetentionPeriod': '300', 'AvailabilityZone': 'ap-southeast-2c', 'ClusterParameterGroupName': { 'Fn::ImportValue': { 'Fn::Sub': [ '${RedshiftParamsGroupStack}-ParamsGroup-testclusterparamsgroup', { 'RedshiftParamsGroupStack': { 'Ref': 'RedshiftParamsGroupStack' } } ] } }, 'ClusterSubnetGroupName': { 'Fn::ImportValue': { 'Fn::Sub': [ '${RedshiftSubnetGroupStack}-Subnet-testclustersubnetgroupname', { 'RedshiftSubnetGroupStack': { 'Ref': 'RedshiftSubnetGroupStack' } } ] } }, 'ClusterType': 'multi-node', 'ClusterVersion': '1.2.3', 'DBName': 'testdbname', 'ElasticIp': '1.2.3.4', 'Encrypted': 'false', 'HsmClientCertificateIdentifier': 'testhsmclientcertid', 'HsmConfigurationIdentifier': 'testhsmconfigid', 'IamRoles': [{ "Fn::ImportValue": { "Fn::Sub": [ "${IAMRoleStack}-iamrole1", { "IAMRoleStack": { "Ref": "IAMRoleStack" } } ] } }, { "Fn::ImportValue": { "Fn::Sub": [ "${IAMRoleStack}-iamrole2", { "IAMRoleStack": { "Ref": "IAMRoleStack" } } ] } }], 'KmsKeyId': { 'Fn::ImportValue': { 'Fn::Sub': [ '${KMSStack}-KMS-testkmskeyid', { 'KMSStack': { 'Ref': 'KMSStack' } } ] } }, 'MasterUsername': '******', 'MasterUserPassword': { 'Ref': 'DBPassword' }, 'NodeType': 'dw.hs1.xlarge', 'NumberOfNodes': 4, 'OwnerAccount': '123456789012', 'Port': 45439, 'PreferredMaintenanceWindow': '21:30-22:00', 'PubliclyAccessible': 'true', 'SnapshotClusterIdentifier': 'snap-87654321', 'SnapshotIdentifier': 'snap-12345678', 'VpcSecurityGroupIds': ['sg-1234567', 'sg-7654321'] } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_MicrosoftAD(self): resources = { 'microsoftad': { 'testad': { 'createalias': True, 'enablesso': True, 'name': 'example.com', 'password': '******', 'shortname': 'ABC', 'subnets': ['subnet1', 'subnet2'] } } } expected = { 'testad': { 'Type': 'AWS::DirectoryService::MicrosoftAD', 'Properties': { 'CreateAlias': 'true', 'EnableSso': 'true', 'Name': 'example.com', 'Password': '******', 'ShortName': 'ABC', 'VpcSettings': { 'SubnetIds': [{ 'Fn::ImportValue': { 'Fn::Sub': [ '${VPCStack}-Subnet-subnet1', { 'VPCStack': { 'Ref': 'VPCStack' } } ] } }, { 'Fn::ImportValue': { 'Fn::Sub': [ '${VPCStack}-Subnet-subnet2', { 'VPCStack': { 'Ref': 'VPCStack' } } ] } }], 'VpcId': { 'Fn::ImportValue': { 'Fn::Sub': [ '${VPCStack}-VPC-VPCid', { 'VPCStack': { 'Ref': 'VPCStack' } } ] } } } } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_SecurityGroups(self): resources = { 'securitygroups': { 'StuffSecurity': { 'sg_description': 'The stuff security group', 'ingress': [['icmp', -1, -1, 'VPCCIDR'], ['icmp', -1, -1, 'SydIpRange'], ['tcp', 5432, 5432, 'StuffSecurity', 'SG_REF_VPC']], 'egress': [['icmp', -1, -1, 'CoreIpRange'], ['tcp', 21, 21, 'GlobalIpRange'], ['tcp', 22, 22, 'GlobalIpRange']] } } } expected = { "StuffSecurity": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Fn::ImportValue": { "Fn::Sub": [ "${VPCStack}-VPCid", { "VPCStack": { "Ref": "VPCStack" } } ] } }, "Tags": [{ "Key": "Name", "Value": "StuffSecurity" }], "GroupDescription": "The stuff security group", "SecurityGroupIngress": [{ "IpProtocol": "icmp", "FromPort": "-1", "ToPort": "-1", "CidrIp": { "Ref": "VPCCIDR" } }, { "IpProtocol": "icmp", "FromPort": "-1", "ToPort": "-1", "CidrIp": { "Ref": "SydIpRange" } }, { "IpProtocol": "tcp", "FromPort": "5432", "ToPort": "5432", "SourceSecurityGroupId": { "Ref": "StuffSecurity" } }], "SecurityGroupEgress": [{ "IpProtocol": "icmp", "FromPort": "-1", "ToPort": "-1", "CidrIp": { "Ref": "CoreIpRange" } }, { "IpProtocol": "tcp", "FromPort": "21", "ToPort": "21", "CidrIp": { "Ref": "GlobalIpRange" } }, { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": { "Ref": "GlobalIpRange" } }] } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_ElasticSearch(self): self.maxDiff = None resources = { "elasticsearch": { "ElasticSearchTest": { "version": 5.5, "dedicatedmaster": True, "instancecount": 4, "instancetype": "m4.large.elasticsearch", "mastertype": "m4.large.elasticsearch", "mastercount": 2, "zoneid": "testaws", "zonesuffix": "test.aws", "ebsoptions": { "iops": 0, "size": 60, "type": "gp2" }, "snapshotoptions": { "AutomatedSnapshotStartHour": 0 }, "advancedoptions": { "rest.action.multi.allow_explicit_index": "true" }, "policy": { "Action": "*", "Effect": "Allow", "Resource": "*" } } } } expected = { "ElasticSearchTest": { "Properties": { "AccessPolicies": { "Statement": [{ "Action": "*", "Effect": "Allow", "Resource": "*" }], "Version": "2012-10-17" }, "AdvancedOptions": { "rest.action.multi.allow_explicit_index": "true" }, "DomainName": "ElasticSearchTest", "EBSOptions": { "EBSEnabled": "true", "Iops": 0, "VolumeSize": 60, "VolumeType": "gp2" }, "ElasticsearchClusterConfig": { "DedicatedMasterCount": "2", "DedicatedMasterEnabled": "true", "DedicatedMasterType": "m4.large.elasticsearch", "InstanceCount": "4", "InstanceType": "m4.large.elasticsearch", "ZoneAwarenessEnabled": "true" }, "ElasticsearchVersion": "5.5", "SnapshotOptions": { "AutomatedSnapshotStartHour": "0" } }, "Type": "AWS::Elasticsearch::Domain" }, "ElasticSearchTestDNS": { "Properties": { "Comment": "ElasticSearchTest Records by default", "HostedZoneId": { "Fn::ImportValue": { "Fn::Sub": [ "${DNSStack}-Route53-testaws-Zone", { "DNSStack": { "Ref": "DNSStack" } } ] } }, "RecordSets": [{ "Name": "ElasticSearchTest.es.test.aws", "ResourceRecords": [{ "Fn::GetAtt": ["ElasticSearchTest", "DomainEndpoint"] }], "SetIdentifier": "ElasticSearchTest.es.test.aws", "TTL": "60", "Type": "CNAME", "Weight": "10" }] }, "Type": "AWS::Route53::RecordSetGroup" } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_IAMPolicies(self): resources = { 'iam_policies': { 'Policies': [ { 'Name': 'SimplePolicy', 'PolicyDocument': "{\n \"Effect\": \"Allow\",\n \"Action\": \"*\",\n \"Resource\": \"*\"\n}" }, { 'Name': 'ComplexPolicy', 'PolicyDocument': "{\n \"Effect\": \"Allow\",\n \"Action\": \"*\",\n \"Resource\": \"*\"\n}", 'ManagedPolicys': [ 'Policy1', 'Policy2' ], 'Roles': [ 'Role1', 'Role2' ], 'Groups': [ 'Group1', 'Group2' ] } ] } } expected = { 'SimplePolicy': { 'Type': 'AWS::IAM::Policy', 'Properties': { 'PolicyName': 'SimplePolicy', 'PolicyDocument': { 'Version': '2012-10-17', 'Statement': [ { "Effect": "Allow", "Action": "*", "Resource": "*" } ] } } }, 'ComplexPolicy': { 'Type': 'AWS::IAM::Policy', 'Properties': { 'PolicyName': 'ComplexPolicy', 'PolicyDocument': { 'Version': '2012-10-17', 'Statement': [ { "Effect": "Allow", "Action": "*", "Resource": "*" } ] }, 'ManagedPolicyArns': [ 'arn:aws:iam::aws:policy/Policy1', 'arn:aws:iam::aws:policy/Policy2' ], 'Roles': [ { 'Fn::ImportValue': { 'Fn::Sub': 'Role1' } }, { 'Fn::ImportValue': { 'Fn::Sub': 'Role2' } } ], 'Groups': [ { 'Fn::ImportValue': { 'Fn::Sub': 'Group1' } }, { 'Fn::ImportValue': { 'Fn::Sub': 'Group2' } } ] } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_IAMUsersGroups(self): resources = { 'iam_users': { 'Users': { 'IAM-F.Last': { 'Groups': [ 'NormalGroup' ] }, 'IAM-F.Last2': { 'Groups': [ 'NormalGroup', 'MissingGroup' ] }, 'IAM-F.Last3': { 'Groups': [ ] } }, 'Groups': { 'NormalGroup': { }, 'UnassignedGroup': { } } } } expected = { 'IAMFLast': { 'Type': 'AWS::IAM::User', 'Properties': { 'Groups': [ { 'Ref': 'NormalGroup' } ], 'Path': { 'Fn::Join': [ '', [ '/', { 'Ref': 'AccountName' }, '/IAM/Users/' ] ] }, 'UserName': '******' } }, 'IAMFLast2': { 'Type': 'AWS::IAM::User', 'Properties': { 'Groups': [ { 'Ref': 'NormalGroup' }, { 'Ref': 'MissingGroup' } ], 'Path': { 'Fn::Join': [ '', [ '/', { 'Ref': 'AccountName' }, '/IAM/Users/' ] ] }, 'UserName': '******' } }, 'IAMFLast3': { 'Type': 'AWS::IAM::User', 'Properties': { 'Groups': [ ], 'Path': { 'Fn::Join': [ '', [ '/', { 'Ref': 'AccountName' }, '/IAM/Users/' ] ] }, 'UserName': '******' } }, 'NormalGroup': { 'Type': 'AWS::IAM::Group', 'Properties': { 'GroupName': 'NormalGroup', 'Path': { 'Fn::Join': [ '', [ '/', { 'Ref': 'AccountName' }, '/IAM/Groups/' ] ] } } }, 'UnassignedGroup': { 'Type': 'AWS::IAM::Group', 'Properties': { 'GroupName': 'UnassignedGroup', 'Path': { 'Fn::Join': [ '', [ '/', { 'Ref': 'AccountName' }, '/IAM/Groups/' ] ] } } } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)
def test_templateCF_IAMRolesInstanceProfiles(self): resources = { 'iam_roles': { 'Roles': { 'SimpleRole': { 'RoleName': 'SimpleRole', 'ReverseTrust': [ 'arn:aws:iam::123456789012:root' ] }, 'ComplexRole': { 'RoleName': 'ComplexRole', 'ManagedPolicys': [ 'Policy1', 'Policy2' ], 'MFA_Required': True, 'ReverseTrust': [ 'arn:aws:iam::123456789012:root', 'arn:aws:iam::987654321098:root' ], 'DependsOn': 'SimpleRole' } }, 'InstanceProfiles': { 'SimpleInstProf': { 'RoleName': 'SimpleInstProf', 'Type': 'ec2' }, 'ComplexInstProf': { 'RoleName': 'ComplexInstProf', 'Type': 'ec2', 'ManagedPolicys': [ 'Policy3', 'Policy4' ] } } } } expected = { 'SimpleRole': { 'Type': 'AWS::IAM::Role', 'Properties': { 'AssumeRolePolicyDocument': { 'Version': '2012-10-17', 'Statement': [{ 'Effect': 'Allow', 'Principal': { 'AWS': [ 'arn:aws:iam::123456789012:root' ] }, 'Action': [ 'sts:AssumeRole' ] }] }, 'RoleName': 'SimpleRole' } }, 'ComplexRole': { 'Type': 'AWS::IAM::Role', 'Properties': { 'ManagedPolicyArns': [ 'arn:aws:iam::aws:policy/Policy1', 'arn:aws:iam::aws:policy/Policy2' ], 'AssumeRolePolicyDocument': { 'Version': '2012-10-17', 'Statement': [{ 'Effect': 'Allow', 'Principal': { 'AWS': [ 'arn:aws:iam::123456789012:root', 'arn:aws:iam::987654321098:root' ] }, 'Condition': { 'Bool': { 'aws:MultiFactorAuthPresent': 'true' } }, 'Action': [ 'sts:AssumeRole' ] }] }, 'RoleName': 'ComplexRole' }, 'DependsOn': 'SimpleRole' }, 'SimpleInstProf': { 'Type': 'AWS::IAM::Role', 'Properties': { 'AssumeRolePolicyDocument': { 'Version': '2012-10-17', 'Statement': [{ 'Effect': 'Allow', 'Principal': { 'Service': 'ec2.amazonaws.com' }, 'Action': ['sts:AssumeRole'] }] }, 'Path': { 'Fn::Join': [ '', [ '/', { 'Ref': 'AccountName' }, '/IAM/InstanceRoles/' ] ] }, 'RoleName': 'SimpleInstProf' } }, 'SimpleInstProfInstanceProfile': { 'Type': 'AWS::IAM::InstanceProfile', 'Properties': { 'InstanceProfileName': 'SimpleInstProf', 'Roles': [{ 'Ref': 'SimpleInstProf' }] }, 'DependsOn': 'SimpleInstProf' }, 'ComplexInstProf': { 'Type': 'AWS::IAM::Role', 'Properties': { 'AssumeRolePolicyDocument': { 'Version': '2012-10-17', 'Statement': [{ 'Effect': 'Allow', 'Principal': { 'Service': 'ec2.amazonaws.com' }, 'Action': ['sts:AssumeRole'] }] }, 'ManagedPolicyArns': [ 'arn:aws:iam::aws:policy/Policy3', 'arn:aws:iam::aws:policy/Policy4' ], 'Path': { 'Fn::Join': [ '', [ '/', { 'Ref': 'AccountName' }, '/IAM/InstanceRoles/' ] ] }, 'RoleName': 'ComplexInstProf' } }, 'ComplexInstProfInstanceProfile': { 'Type': 'AWS::IAM::InstanceProfile', 'Properties': { 'InstanceProfileName': 'ComplexInstProf', 'Roles': [{ 'Ref': 'ComplexInstProf' }] }, 'DependsOn': 'ComplexInstProf' } } actual = templateCF(resources, 'resources') self.assertDictEqual(actual, expected)