def test_infra(sess_mock): sess_mock.return_value = True session = BotoSession() infra = Infra('Test', session) vpc_stack = infra.add_stack(vpc.VPCStack()) s3_one = infra.add_stack(s3.S3Stack('one')) s3_two = infra.add_stack(s3.S3Stack('two')) # test find stack vpc_find = infra.find_stack(vpc.VPCStack) assert isinstance(vpc_find, (vpc.VPCStack)) assert infra.find_stack(s3.S3Stack, 'one').stack_name == 'one' assert infra.find_stack(s3.S3Stack, 'two').stack_name == 'two' # test list_stacks assert len(infra.list_stacks()) == 3 # test sub sub = infra.create_sub_infra('sub') sub_sub = sub.create_sub_infra('sub') assert sub_sub.prefix == ['sub', 'sub']
def infra(): infra = Infra("test") prod_infra = infra.create_sub_infra("prod") iam_stack = prod_infra.add_stack(iam.IAMStack("roles")) web_profile = iam_stack.add_role(iam.EC2AdminProfile("test")) vpc_stack = prod_infra.add_stack(vpc.VPCStack()) eip_stack = prod_infra.add_stack(eip.EIPStack("test")) ebs_stack = prod_infra.add_stack(ebs.EBSStack("test", vpc_stack)) sns_stack = prod_infra.add_stack(sns.SNSTopicStack('test')) return { 'infra': infra, 'prod_infra': prod_infra, 'iam_stack': iam_stack, 'web_profile': web_profile, 'vpc_stack': vpc_stack, 'eip_stack': eip_stack, 'ebs_stack': ebs_stack, 'sns_stack': sns_stack }
def common_stacks(infra): # add VPC Stack vpc_stack = infra.add_stack(vpc.VPCStack()) # security groups sf_sg = vpc_stack.add_security_group(vpc.SelfReferenceSecurityGroup()) ssh_sg = vpc_stack.add_security_group(vpc.SSHSecurityGroup("SSHAll")) web_sg = vpc_stack.add_security_group(vpc.WebSecurityGroup("WebAll")) # s3 stack s3_stack = infra.add_stack(s3.S3Stack("MediaBuckets")) pub_media_bucket = s3_stack.add_bucket(s3.S3Bucket("Media")) pub_media_bucket.public = True # iam stack iam_stack = infra.add_stack(iam.IAMStack("BaseRoles")) # ec2 profile ec2_profile = iam_stack.add_role(iam.EC2Profile("WebServer")) # give role write access to the s3 bucket ec2_profile.add_policy(iam.S3FullBucketAccess(pub_media_bucket)) # create a user for codedeploy codedeploy_user = iam_stack.add_user(iam.IAMUser('CodeDeoloyUser')) # alarms alarm_stack = infra.add_stack(alarms.AlarmStack("Alarms")) alarm_stack.add_topic(sns_stack)
def test_ssh_sec_group(prod_infra): infra = prod_infra[0] prod_infra = prod_infra[1] vpc_stack = prod_infra.add_stack(vpc.VPCStack()) vpc_stack.num_azs = 3 ssh_sg = vpc_stack.add_security_group(vpc.SSHSecurityGroup("SSH")) t = vpc_stack.build_template() assert isinstance(ssh_sg, vpc.SSHSecurityGroup) sg_dict = t.resources['SSHSecurityGroup'].to_dict() assert sg_dict['Properties']['SecurityGroupIngress'][0]['ToPort'] == 22 assert sg_dict['Properties']['SecurityGroupIngress'][0]['FromPort'] == 22 assert sg_dict['Properties']['SecurityGroupIngress'][0][ 'CidrIp'] == '0.0.0.0/0' ssh_sg2 = vpc_stack.add_security_group(vpc.SSHSecurityGroup("SSH2")) ssh_sg2.allow_cidr('1.2.3.4/5') t = vpc_stack.build_template() sg_dict = t.resources['SSH2SecurityGroup'].to_dict() assert sg_dict['Properties']['SecurityGroupIngress'][0]['ToPort'] == 22 assert sg_dict['Properties']['SecurityGroupIngress'][0]['FromPort'] == 22 assert sg_dict['Properties']['SecurityGroupIngress'][0][ 'CidrIp'] == '1.2.3.4/5' assert ssh_sg.output_security_group() == "ProdTestVPCSSHSecurityGroup"
def test_infra(): infra = Infra('test') test_infra = infra.create_sub_infra('test') vpc_stack = test_infra.add_stack(vpc.VPCStack()) return {'infra': infra, 'test_infra': test_infra, 'vpc_stack': vpc_stack}
def test_nat_gateway(prod_infra): infra = prod_infra[0] prod_infra = prod_infra[1] vpc_stack = prod_infra.add_stack(vpc.VPCStack()) vpc_stack.num_azs = 3 eip_stack = prod_infra.add_stack(eip.EIPStack()) nat_eip = eip_stack.add_ip("NatEip") # test eip introspection with pytest.raises(Exception) as e: vpc_stack.add_nat_gateway(eip_stack) assert "EIP Instance" in str(e) # try with real EIP vpc_stack.add_nat_gateway(nat_eip) t = vpc_stack.build_template() res = t.resources assert isinstance(res['NatGateway'], (troposphere.ec2.NatGateway)) print(res['NatGatewayRoute'].to_dict())
def test_infra(): infra = stackformation.Infra('test') test_infra = infra.create_sub_infra('test') vpc_stack = test_infra.add_stack(vpc.VPCStack()) return (infra, test_infra, vpc_stack)
def test_add_sec_group(prod_infra): infra = prod_infra[0] prod_infra = prod_infra[1] vpc_stack = prod_infra.add_stack(vpc.VPCStack()) vpc_stack.num_azs = 3 with pytest.raises(Exception) as e: vpc_stack.add_security_group(infra)
def test_base_sec_group(prod_infra): infra = prod_infra[0] prod_infra = prod_infra[1] vpc_stack = prod_infra.add_stack(vpc.VPCStack()) vpc_stack.num_azs = 3 base_sg = vpc_stack.add_security_group(vpc.SecurityGroup('base')) with pytest.raises(Exception) as e: vpc_stack.build_template() assert "Must implement" in str(e)
def test_find_sec_group(prod_infra): infra = prod_infra[0] prod_infra = prod_infra[1] vpc_stack = prod_infra.add_stack(vpc.VPCStack()) vpc_stack.num_azs = 3 ssh_sg = vpc_stack.add_security_group(vpc.SSHSecurityGroup("SSH")) web_sg = vpc_stack.add_security_group(vpc.WebSecurityGroup("Web")) find_ssh = vpc_stack.find_security_group(vpc.SSHSecurityGroup) find_web = vpc_stack.find_security_group(vpc.WebSecurityGroup) assert isinstance(find_ssh, vpc.SSHSecurityGroup) assert isinstance(find_web, vpc.WebSecurityGroup)
def test_all_ports_sec_group(prod_infra): infra = prod_infra[0] prod_infra = prod_infra[1] vpc_stack = prod_infra.add_stack(vpc.VPCStack()) vpc_stack.num_azs = 3 ap_sg = vpc_stack.add_security_group(vpc.AllPortsSecurityGroup("Test")) t = vpc_stack.build_template() sg = t.resources['TestAllPortsSecurityGroup'].to_dict() assert sg['Properties']['SecurityGroupIngress'][0]['ToPort'] == '-1' assert sg['Properties']['SecurityGroupIngress'][0]['FromPort'] == '-1' assert sg['Properties']['SecurityGroupIngress'][0]['CidrIp'] == '0.0.0.0/0'
def infra(): infra = Infra("test") prod_infra = infra.create_sub_infra("prod") iam_stack = prod_infra.add_stack(iam.IAMStack("roles")) web_profile = iam_stack.add_role(iam.EC2AdminProfile("test")) vpc_stack = prod_infra.add_stack(vpc.VPCStack()) eip_stack = prod_infra.add_stack(eip.EIPStack("test")) ebs_stack = prod_infra.add_stack(ebs.EBSStack("test", vpc_stack)) return (infra, prod_infra, iam_stack, web_profile, vpc_stack, eip_stack, ebs_stack)
def test_vpc_stack(prod_infra): infra = prod_infra[0] prod_infra = prod_infra[1] vpc_stack = prod_infra.add_stack(vpc.VPCStack()) assert isinstance(vpc_stack, vpc.VPCStack) t = vpc_stack.build_template() assert len(vpc_stack.output_azs()) == 2 assert len(vpc_stack.output_private_subnets()) == 2 assert len(vpc_stack.output_public_subnets()) == 2 assert vpc_stack.output_vpc() == "ProdTestVPCVpcId" assert vpc_stack.output_public_routetable( ) == "ProdTestVPCPublicRouteTable" assert vpc_stack.output_private_routetable( ) == "ProdTestVPCPrivateRouteTable" assert vpc_stack.output_default_acl_table() == "ProdTestVPCDefaultAclTable"
def test_web_sec_group(prod_infra): infra = prod_infra[0] prod_infra = prod_infra[1] vpc_stack = prod_infra.add_stack(vpc.VPCStack()) vpc_stack.num_azs = 3 web_sg = vpc_stack.add_security_group(vpc.WebSecurityGroup("Web")) t = vpc_stack.build_template() sg = t.resources['WebSecurityGroup'].to_dict() assert sg['Properties']['SecurityGroupIngress'][0]['ToPort'] == 80 assert sg['Properties']['SecurityGroupIngress'][0]['FromPort'] == 80 assert sg['Properties']['SecurityGroupIngress'][0]['CidrIp'] == '0.0.0.0/0' assert sg['Properties']['SecurityGroupIngress'][1]['ToPort'] == 443 assert sg['Properties']['SecurityGroupIngress'][1]['FromPort'] == 443 assert sg['Properties']['SecurityGroupIngress'][1]['CidrIp'] == '0.0.0.0/0' assert web_sg.output_security_group() == "ProdTestVPCWebSecurityGroup"
def common_stacks(infra): # create VPC vpc_stack = infra.add_stack(vpc.VPCStack())