def test_caches_session_for_account_id(self):
sts_client = mocks.build_sts_client_mock()
peering_role_name = randoms.role_name()
account_id = randoms.account_id()
expected_credentials, assume_role_mock = \
mocks.build_sts_assume_role_mock()
sts_client.assume_role = assume_role_mock
session_store = SessionStore(sts_client, peering_role_name)
first_session = session_store.get_session_for(account_id)
second_session = session_store.get_session_for(account_id)
self.assertEqual(len(sts_client.assume_role.mock_calls), 1)
self.assertEqual(first_session, second_session)
def test_returns_ec2_client_for_region_from_session(self):
session = mock.Mock(name='Session')
account_id = randoms.account_id()
region = randoms.region()
expected_client = mock.Mock(name='EC2 Client')
session.client = mock.Mock(name='Client', return_value=expected_client)
ec2_gateway = EC2Gateway(session, account_id, region)
actual_client = ec2_gateway.client()
session_client_calls = session.client.mock_calls
self.assertEqual(len(session_client_calls), 1)
session_client_call = session_client_calls[0]
self.assertEqual(session_client_call, mock.call('ec2', region))
self.assertEqual(actual_client, expected_client)
def test_logs_that_route_creation_failed_and_continues_on_exception(self):
account_id = randoms.account_id()
region_1 = randoms.region()
region_2 = randoms.region()
vpc1 = VPC(mocks.build_vpc_response_mock(), account_id, region_1)
vpc2 = VPC(mocks.build_vpc_response_mock(), account_id, region_2)
ec2_gateway_1 = mocks.EC2Gateway(account_id, region_1)
ec2_gateway_2 = mocks.EC2Gateway(account_id, region_2)
ec2_gateways = mocks.EC2Gateways([ec2_gateway_1, ec2_gateway_2])
logger = Mock()
vpc1_route_table_1 = Mock(name="VPC 1 route table 1")
ec2_gateway_1.resource().route_tables = Mock(
name="VPC route tables")
ec2_gateway_1.resource().route_tables.filter = Mock(
name="Filtered VPC route tables",
return_value=iter([vpc1_route_table_1]))
vpc_peering_connection = Mock(name="VPC peering connection")
vpc_peering_relationship = Mock()
vpc_peering_relationship.fetch = Mock(
return_value=vpc_peering_connection)
create_route_error = \
ClientError({'Error': {'Code': '123'}}, 'something')
vpc1_route_table_1.create_route = Mock(
side_effect=create_route_error)
vpc_peering_routes = VPCPeeringRoute(
ec2_gateways,
logger,
between=[vpc1, vpc2],
peering_relationship=vpc_peering_relationship)
vpc_peering_routes.provision()
logger.warn.assert_any_call(
"Route creation failed for '%s'. Error was: %s",
vpc1_route_table_1.id, create_route_error)
def test_constructs_peering_relationship_for_vpcs(self):
vpc1 = mocks.build_vpc_response_mock(name="VPC 1")
vpc2 = mocks.build_vpc_response_mock(name="VPC 2")
account_id = randoms.account_id()
region = randoms.region()
ec2_gateways = mocks.EC2Gateways([mocks.EC2Gateway(account_id, region)])
logger = Mock(name="Logger")
vpc_link = VPCLink(
ec2_gateways,
logger,
between=[vpc1, vpc2],
routes=[[vpc1, vpc2]])
self.assertEqual(
vpc_link.peering_relationship,
VPCPeeringRelationship(ec2_gateways, logger, between=[vpc1, vpc2]))
def test_creates_routes_in_vpc1_for_vpc2_via_peering_connection(self):
account_id = randoms.account_id()
region_1 = randoms.region()
region_2 = randoms.region()
vpc1 = VPC(mocks.build_vpc_response_mock(), account_id, region_1)
vpc2 = VPC(mocks.build_vpc_response_mock(), account_id, region_2)
ec2_gateway_1 = mocks.EC2Gateway(account_id, region_1)
ec2_gateway_2 = mocks.EC2Gateway(account_id, region_2)
ec2_gateways = mocks.EC2Gateways([ec2_gateway_1, ec2_gateway_2])
logger = Mock()
vpc1_route_table_1 = Mock(name="VPC 1 route table 1")
vpc1_route_table_2 = Mock(name="VPC 1 route table 2")
ec2_gateway_1.resource().route_tables = Mock(
name="VPC route tables")
ec2_gateway_1.resource().route_tables.filter = Mock(
name="Filtered VPC route tables",
return_value=iter([vpc1_route_table_1, vpc1_route_table_2]))
vpc_peering_connection = Mock(name="VPC peering connection")
vpc_peering_relationship = Mock()
vpc_peering_relationship.fetch = Mock(
return_value=vpc_peering_connection)
vpc_peering_route = VPCPeeringRoute(
ec2_gateways,
logger,
between=[vpc1, vpc2],
peering_relationship=vpc_peering_relationship)
vpc_peering_route.provision()
vpc1_route_table_1.create_route.assert_called_with(
DestinationCidrBlock=vpc2.cidr_block,
VpcPeeringConnectionId=vpc_peering_connection.id)
vpc1_route_table_2.create_route.assert_called_with(
DestinationCidrBlock=vpc2.cidr_block,
VpcPeeringConnectionId=vpc_peering_connection.id)
def test_returns_ec2_resource_for_region_from_session(self):
session = mock.Mock(name='Session')
account_id = randoms.account_id()
region = randoms.region()
expected_resource = mock.Mock(name='EC2 Resource')
session.resource = mock.Mock(name='Resource',
return_value=expected_resource)
ec2_gateway = EC2Gateway(session, account_id, region)
actual_resource = ec2_gateway.resource()
session_resource_calls = session.resource.mock_calls
self.assertEqual(len(session_resource_calls), 1)
session_resource_call = session_resource_calls[0]
self.assertEqual(session_resource_call, mock.call('ec2', region))
self.assertEqual(actual_resource, expected_resource)
def test_ignores_missing_dependencies(self):
account_id = randoms.account_id()
region = randoms.region()
vpc1_id = randoms.vpc_id()
vpc_1_response = mocks.build_vpc_response_mock(
name='VPC 1',
id=vpc1_id,
tags=builders.build_vpc_tags(
component="thing1",
deployment_identifier="gold",
dependencies=["thing2-silver", "thing3-bronze"]))
vpc_2_response = mocks.build_vpc_response_mock(
name='VPC 2',
tags=builders.build_vpc_tags(component="thing2",
deployment_identifier="silver",
dependencies=[]))
vpc_1 = VPC(vpc_1_response, account_id, region)
vpc_2 = VPC(vpc_2_response, account_id, region)
ec2_gateway = mocks.EC2Gateway(account_id, region)
ec2_gateways = mocks.EC2Gateways([ec2_gateway])
logger = Mock(name="Logger")
ec2_gateway.resource().vpcs.all = Mock(
name="All VPCs", return_value=[vpc_1_response, vpc_2_response])
vpc_links = VPCLinks(ec2_gateways, logger)
resolved_vpc_links = vpc_links.resolve_for(account_id, vpc1_id)
self.assertEqual(len(resolved_vpc_links), 1)
self.assertEqual(
resolved_vpc_links, {
VPCLink(ec2_gateways,
logger,
between=[vpc_1, vpc_2],
routes=[[vpc_1, vpc_2]])
})
def test_handles_no_matching_route_tables(self):
region_1 = randoms.region()
region_2 = randoms.region()
account_id = randoms.account_id()
peering_connection_id = randoms.peering_connection_id()
vpc1 = VPC(mocks.build_vpc_response_mock(), account_id, region_1)
vpc2 = VPC(mocks.build_vpc_response_mock(), account_id, region_2)
ec2_gateway_1 = mocks.EC2Gateway(account_id, region_1)
ec2_gateway_2 = mocks.EC2Gateway(account_id, region_2)
ec2_gateways = mocks.EC2Gateways([ec2_gateway_1, ec2_gateway_2])
logger = Mock()
ec2_gateway_1.resource().route_tables = Mock(
name="VPC route tables")
ec2_gateway_1.resource().route_tables.filter = Mock(
name="Filtered VPC route tables",
return_value=[])
vpc_peering_connection = Mock(name="VPC peering connection")
vpc_peering_connection.id = peering_connection_id
vpc_peering_relationship = Mock()
vpc_peering_relationship.fetch = Mock(
return_value=vpc_peering_connection)
vpc_peering_routes = VPCPeeringRoute(
ec2_gateways,
logger,
between=[vpc1, vpc2],
peering_relationship=vpc_peering_relationship)
try:
vpc_peering_routes.destroy()
except Exception as exception:
self.fail(
'Expected no exception but encountered: {0}'.format(exception))
def test_logs_that_route_creation_succeeded(self):
account_id = randoms.account_id()
region_1 = randoms.region()
region_2 = randoms.region()
vpc1 = VPC(mocks.build_vpc_response_mock(), account_id, region_1)
vpc2 = VPC(mocks.build_vpc_response_mock(), account_id, region_2)
ec2_gateway_1 = mocks.EC2Gateway(account_id, region_1)
ec2_gateway_2 = mocks.EC2Gateway(account_id, region_2)
ec2_gateways = mocks.EC2Gateways([ec2_gateway_1, ec2_gateway_2])
logger = Mock()
vpc1_route_table_1 = Mock(name="VPC 1 route table 1")
ec2_gateway_1.resource().route_tables = Mock(
name="VPC route tables")
ec2_gateway_1.resource().route_tables.filter = Mock(
name="Filtered VPC route tables",
return_value=iter([vpc1_route_table_1]))
vpc_peering_connection = Mock(name="VPC peering connection")
vpc_peering_relationship = Mock()
vpc_peering_relationship.fetch = Mock(
return_value=vpc_peering_connection)
vpc_peering_routes = VPCPeeringRoute(
ec2_gateways,
logger,
between=[vpc1, vpc2],
peering_relationship=vpc_peering_relationship)
vpc_peering_routes.provision()
logger.info.assert_any_call(
"Route creation succeeded for '%s'. Continuing.",
vpc1_route_table_1.id)
def test_logs_that_routes_are_being_added_for_a_vpc(self):
region_1 = randoms.region()
region_2 = randoms.region()
account_id = randoms.account_id()
vpc1 = VPC(mocks.build_vpc_response_mock(), account_id, region_1)
vpc2 = VPC(mocks.build_vpc_response_mock(), account_id, region_2)
ec2_gateway_1 = mocks.EC2Gateway(account_id, region_1)
ec2_gateway_2 = mocks.EC2Gateway(account_id, region_2)
ec2_gateways = mocks.EC2Gateways([ec2_gateway_1, ec2_gateway_2])
logger = Mock()
vpc1_route_table_1 = Mock(name="VPC 1 route table 1")
ec2_gateway_1.resource().route_tables = Mock(
name="VPC route tables")
ec2_gateway_1.resource().route_tables.filter = Mock(
name="Filtered VPC route tables",
return_value=iter([vpc1_route_table_1]))
vpc_peering_connection = Mock(name="VPC peering connection")
vpc_peering_relationship = Mock()
vpc_peering_relationship.fetch = Mock(
return_value=vpc_peering_connection)
vpc_peering_routes = VPCPeeringRoute(
ec2_gateways,
logger,
between=[vpc1, vpc2],
peering_relationship=vpc_peering_relationship)
vpc_peering_routes.provision()
logger.info.assert_any_call(
"Adding routes to private subnets in: '%s' pointing at '%s:%s:%s'.",
vpc1.id, vpc2.id, vpc2.cidr_block, vpc_peering_connection.id)
def test_logs_not_found_target_vpc(self):
region = randoms.region()
account_id = randoms.account_id()
vpc1_id = randoms.vpc_id()
vpc1 = mocks.build_vpc_response_mock(
name='VPC 1',
id=vpc1_id,
tags=builders.build_vpc_tags(component="thing1",
deployment_identifier="gold",
dependencies=["thing2-silver"]))
ec2_gateway = mocks.EC2Gateway(account_id, region)
ec2_gateways = mocks.EC2Gateways([ec2_gateway])
logger = Mock(name="Logger")
ec2_gateway.resource().vpcs.all = Mock(name="All VPCs",
return_value=[])
vpc_links = VPCLinks(ec2_gateways, logger)
vpc_links.resolve_for(account_id, vpc1_id)
logger.info.assert_any_call("No VPC found with ID: '%s'. Aborting.",
vpc1.id)
def test_find_by_identifier(self):
account_1_id = randoms.account_id()
account_2_id = randoms.account_id()
region_1_id = randoms.region()
region_2_id = randoms.region()
vpc_identifier = "vpc-2-component-vpc-2-deployment-identifier"
vpc_1_response = mocks.build_vpc_response_mock(
name="VPC 1",
tags=builders.build_vpc_tags(
component="vpc-1-component",
deployment_identifier="vpc-1-deployment-identifier"))
vpc_2_response = mocks.build_vpc_response_mock(
name="VPC 2",
tags=builders.build_vpc_tags(
component="vpc-2-component",
deployment_identifier="vpc-2-deployment-identifier"))
vpc_3_response = mocks.build_vpc_response_mock(
name="VPC 3",
tags=builders.build_vpc_tags(
component="vpc-3-component",
deployment_identifier="vpc-3-deployment-identifier"))
vpc_4_response = mocks.build_vpc_response_mock(
name="VPC 4",
tags=builders.build_vpc_tags(
component="vpc-4-component",
deployment_identifier="vpc-4-deployment-identifier"))
ec2_gateway_1_1 = mocks.EC2Gateway(account_1_id, region_1_id)
ec2_gateway_1_2 = mocks.EC2Gateway(account_1_id, region_2_id)
ec2_gateway_2_1 = mocks.EC2Gateway(account_2_id, region_1_id)
ec2_gateway_2_2 = mocks.EC2Gateway(account_2_id, region_2_id)
ec2_gateways = mocks.EC2Gateways([
ec2_gateway_1_1,
ec2_gateway_1_2,
ec2_gateway_2_1,
ec2_gateway_2_2,
])
ec2_gateway_1_1.resource().vpcs.all = \
mock.Mock(
name="Account 1 region 1 VPCs",
return_value=[vpc_1_response])
ec2_gateway_1_2.resource().vpcs.all = \
mock.Mock(
name="Account 1 region 2 VPCs",
return_value=[vpc_2_response])
ec2_gateway_2_1.resource().vpcs.all = \
mock.Mock(
name="Account 2 region 1 VPCs",
return_value=[vpc_3_response, vpc_4_response])
ec2_gateway_2_2.resource().vpcs.all = \
mock.Mock(
name="Account 2 region 2 VPCs",
return_value=[])
all_vpcs = AllVPCs(ec2_gateways)
found_vpc = all_vpcs.find_by_component_instance_identifier(
vpc_identifier)
self.assertEqual(found_vpc,
VPC(vpc_2_response, account_1_id, region_2_id))
def test_find_dependents_of_vpc(self):
account_1_id = randoms.account_id()
account_2_id = randoms.account_id()
region_1_id = randoms.region()
region_2_id = randoms.region()
target_vpc = VPC(
mocks.build_vpc_response_mock(
name="Target VPC",
tags=builders.build_vpc_tags(component="target",
deployment_identifier="default")),
account_1_id, region_1_id)
vpc_1_response = mocks.build_vpc_response_mock(
name="VPC 1",
tags=builders.build_vpc_tags(
dependencies=["target-default", "other-thing"]))
vpc_2_response = mocks.build_vpc_response_mock(
name="VPC 2", tags=builders.build_vpc_tags(dependencies=[]))
vpc_3_response = mocks.build_vpc_response_mock(
name="VPC 3", tags=builders.build_vpc_tags(dependencies=[]))
vpc_4_response = mocks.build_vpc_response_mock(
name="VPC 4",
tags=builders.build_vpc_tags(
dependencies=["other-thing", "target-default"]))
ec2_gateway_1_1 = mocks.EC2Gateway(account_1_id, region_1_id)
ec2_gateway_1_2 = mocks.EC2Gateway(account_1_id, region_2_id)
ec2_gateway_2_1 = mocks.EC2Gateway(account_2_id, region_1_id)
ec2_gateway_2_2 = mocks.EC2Gateway(account_2_id, region_2_id)
ec2_gateways = mocks.EC2Gateways([
ec2_gateway_1_1,
ec2_gateway_1_2,
ec2_gateway_2_1,
ec2_gateway_2_2,
])
ec2_gateway_1_1.resource().vpcs.all = \
mock.Mock(
name="Account 1 region 1 VPCs",
return_value=[vpc_1_response])
ec2_gateway_1_2.resource().vpcs.all = \
mock.Mock(
name="Account 1 region 2 VPCs",
return_value=[vpc_2_response])
ec2_gateway_2_1.resource().vpcs.all = \
mock.Mock(
name="Account 2 region 1 VPCs",
return_value=[vpc_3_response, vpc_4_response])
ec2_gateway_2_2.resource().vpcs.all = \
mock.Mock(
name="Account 2 region 2 VPCs",
return_value=[])
all_vpcs = AllVPCs(ec2_gateways)
found_vpcs = all_vpcs.find_dependents_of(target_vpc)
self.assertEqual(
set(found_vpcs), {
VPC(vpc_1_response, account_1_id, region_1_id),
VPC(vpc_4_response, account_2_id, region_1_id)
})
def test_resolves_using_multiple_ec2_gateways(self):
region_1 = randoms.region()
region_2 = randoms.region()
account_id_1 = randoms.account_id()
account_id_2 = randoms.account_id()
target_vpc_id = randoms.vpc_id()
target_vpc_response = mocks.build_vpc_response_mock(
id=target_vpc_id,
name="Target VPC",
tags=builders.build_vpc_tags(
component='thing1',
deployment_identifier='gold',
dependencies=['thing2-silver', 'thing3-bronze']))
dependent_dependency_vpc_response = mocks.build_vpc_response_mock(
name='Dependent Dependency VPC',
tags=builders.build_vpc_tags(component='thing2',
deployment_identifier='silver',
dependencies=['thing1-gold']))
standard_dependency_vpc_response = mocks.build_vpc_response_mock(
name='Standard Dependency VPC',
tags=builders.build_vpc_tags(component='thing3',
deployment_identifier='bronze',
dependencies=[]))
standard_dependent_vpc_response = mocks.build_vpc_response_mock(
name='Standard Dependent VPC',
tags=builders.build_vpc_tags(component='thing4',
deployment_identifier='lead',
dependencies=['thing1-gold']))
other_vpc_response = mocks.build_vpc_response_mock(
name='Other VPC',
tags=builders.build_vpc_tags(component='other-thing',
deployment_identifier='copper',
dependencies=[]))
target_vpc = VPC(target_vpc_response, account_id_1, region_1)
dependent_dependency_vpc = \
VPC(dependent_dependency_vpc_response, account_id_1, region_1)
standard_dependency_vpc = \
VPC(standard_dependency_vpc_response, account_id_2, region_2)
standard_dependent_vpc = \
VPC(standard_dependent_vpc_response, account_id_1, region_1)
ec2_gateway_1 = mocks.EC2Gateway(account_id_1, region_1)
ec2_gateway_2 = mocks.EC2Gateway(account_id_2, region_2)
ec2_gateways = mocks.EC2Gateways([ec2_gateway_1, ec2_gateway_2])
logger = Mock(name="Logger")
ec2_gateway_1.resource().vpcs.all = Mock(
name="All VPCs in account %s, region %s" %
(account_id_1, region_1),
return_value=[
dependent_dependency_vpc_response, target_vpc_response,
standard_dependent_vpc_response
])
ec2_gateway_2.resource().vpcs.all = Mock(
name='All VPCs in account %s, region %s' %
(account_id_2, region_2),
return_value=[
standard_dependency_vpc_response, other_vpc_response
])
vpc_links = VPCLinks(ec2_gateways, logger)
resolved_vpc_links = vpc_links.resolve_for(account_id_1, target_vpc_id)
self.assertEqual(
resolved_vpc_links, {
VPCLink(ec2_gateways,
logger,
between=[target_vpc, dependent_dependency_vpc],
routes=[[target_vpc, dependent_dependency_vpc],
[dependent_dependency_vpc, target_vpc]]),
VPCLink(ec2_gateways,
logger,
between=[target_vpc, standard_dependency_vpc],
routes=[[target_vpc, standard_dependency_vpc]]),
VPCLink(ec2_gateways,
logger,
between=[standard_dependent_vpc, target_vpc],
routes=[[standard_dependent_vpc, target_vpc]])
})