def test_ec2_security_group_validator(mocker):
os.environ["AWS_DEFAULT_REGION"] = "us-east-1"
describe_security_group_mock = mocker.patch(
"pcluster.aws.ec2.Ec2Client.describe_security_group",
return_value={
"IpPermissionsEgress": [],
"Description":
"My security group",
"IpPermissions": [{
"PrefixListIds": [],
"FromPort": 22,
"IpRanges": [{
"CidrIp": "203.0.113.0/24"
}],
"ToPort": 22,
"IpProtocol": "tcp",
"UserIdGroupPairs": [],
}],
"GroupName":
"MySecurityGroup",
"OwnerId":
"123456789012",
"GroupId":
"sg-12345678",
},
)
actual_failures = SecurityGroupsValidator().execute(["sg-12345678"])
assert_failure_messages(actual_failures, None)
describe_security_group_mock.assert_called_with("sg-12345678")
def test_instance_type_validator(mocker, instance_type, expected_message):
mock_aws_api(mocker)
mocker.patch("pcluster.aws.ec2.Ec2Client.list_instance_types",
return_value=["t2.micro", "c4.xlarge"])
actual_failures = InstanceTypeValidator().execute(instance_type)
assert_failure_messages(actual_failures, expected_message)
def test_efa_placement_group_validator(efa_enabled, placement_group_enabled,
placement_group_config_implicit,
expected_message):
actual_failures = EfaPlacementGroupValidator().execute(
efa_enabled, placement_group_enabled, placement_group_config_implicit)
assert_failure_messages(actual_failures, expected_message)
def test_disable_simultaneous_multithreading_architecture_validator(
disable_simultaneous_multithreading, architecture, expected_message
):
actual_failures = DisableSimultaneousMultithreadingArchitectureValidator().execute(
disable_simultaneous_multithreading, architecture
)
assert_failure_messages(actual_failures, expected_message)
def test_fsx_backup_id_validator(mocker, backup_id, expected_message):
os.environ["AWS_DEFAULT_REGION"] = "us-east-1"
valid_key_id = "backup-0ff8da96d57f3b4e3"
generate_describe_backups_error = backup_id != valid_key_id
if generate_describe_backups_error:
describe_backup_mock = mocker.patch(
"pcluster.aws.fsx.FSxClient.describe_backup",
side_effect=AWSClientError(function_name="describe_backup",
message=expected_message),
)
else:
describe_backup_mock = mocker.patch(
"pcluster.aws.fsx.FSxClient.describe_backup",
return_value={
"BackupId": valid_key_id,
"Lifecycle": "AVAILABLE",
"Type": "USER_INITIATED",
"CreationTime": 1594159673.559,
"FileSystem": {
"StorageCapacity": 7200,
"StorageType": "SSD",
"LustreConfiguration": {
"DeploymentType": "PERSISTENT_1",
"PerUnitStorageThroughput": 200
},
},
},
)
actual_failures = FsxBackupIdValidator().execute(backup_id)
assert_failure_messages(actual_failures, expected_message)
describe_backup_mock.assert_called_with(backup_id)
def test_role_validator(mocker, role_arn, side_effect, expected_message):
mock_aws_api(mocker)
mocker.patch("pcluster.aws.iam.IamClient.get_role",
side_effect=side_effect)
actual_failures = RoleValidator().execute(role_arn=role_arn)
assert_failure_messages(actual_failures, expected_message)
def test_key_pair_validator(mocker, key_pair, side_effect, expected_message):
mock_aws_api(mocker)
mocker.patch("pcluster.aws.ec2.Ec2Client.describe_key_pair",
return_value=key_pair,
side_effect=side_effect)
actual_failures = KeyPairValidator().execute(key_name=key_pair)
assert_failure_messages(actual_failures, expected_message)
def test_s3_bucket_region_validator(mocker, bucket, bucket_region,
cluster_region, expected_message,
aws_api_mock):
aws_api_mock.s3.get_bucket_region.return_value = bucket_region
actual_failures = S3BucketRegionValidator().execute(bucket=bucket,
region=cluster_region)
assert_failure_messages(actual_failures, expected_message)
aws_api_mock.s3.get_bucket_region.assert_called_with(bucket)
def test_url_validator(mocker, url, response, expected_message, aws_api_mock,
error):
aws_api_mock.s3.head_object.return_value = response
mocker.patch("pcluster.validators.s3_validators.urlopen",
side_effect=error)
actual_failures = UrlValidator().execute(url=url)
assert_failure_messages(actual_failures, expected_message)
def test_duplicate_instance_type_validator(instance_type_list,
expected_message):
instance_type_param_list = [
instance_type for instance_type in instance_type_list
]
actual_failures = DuplicateInstanceTypeValidator().execute(
instance_type_param_list)
assert_failure_messages(actual_failures, expected_message)
def test_cluster_name_validator(cluster_name, should_trigger_error):
expected_message = ((
"Error: The cluster name can contain only alphanumeric characters (case-sensitive) and hyphens. "
"It must start with an alphabetic character and can't be longer "
f"than {PCLUSTER_NAME_MAX_LENGTH} characters.")
if should_trigger_error else None)
actual_failures = ClusterNameValidator().execute(cluster_name)
assert_failure_messages(actual_failures, expected_message)
def test_additional_iam_policy_validator(mocker, policy_arn,
expected_get_policy_side_effect,
expected_message):
mock_aws_api(mocker)
mocker.patch("pcluster.aws.iam.IamClient.get_policy",
side_effect=expected_get_policy_side_effect)
actual_failures = AdditionalIamPolicyValidator().execute(policy=policy_arn)
assert_failure_messages(actual_failures, expected_message)
def test_compute_ami_os_compatible_validator(mocker, image_id, os, ami_info,
expected_message):
mock_aws_api(mocker)
mocker.patch("pcluster.aws.ec2.Ec2Client.describe_image",
return_value=ami_info)
actual_failures = ComputeAmiOsCompatibleValidator().execute(
image_id=image_id, os=os)
assert_failure_messages(actual_failures, expected_message)
def test_instance_architecture_compatibility_validator(
mocker, head_node_architecture, compute_architecture, compute_instance_type, expected_message
):
mock_aws_api(mocker)
mocker.patch("pcluster.aws.ec2.Ec2Client.get_supported_architectures", return_value=[compute_architecture])
actual_failures = InstanceArchitectureCompatibilityValidator().execute(
compute_instance_type, head_node_architecture
)
assert_failure_messages(actual_failures, expected_message)
def test_fsx_s3_validator(import_path, imported_file_chunk_size, export_path,
auto_import_policy, expected_message):
actual_failures = FsxS3Validator().execute(
import_path,
imported_file_chunk_size,
export_path,
auto_import_policy,
)
assert_failure_messages(actual_failures, expected_message)
def test_instance_profile_validator(mocker, instance_profile_arn, side_effect,
expected_message):
mock_aws_api(mocker)
mocker.patch("pcluster.aws.iam.IamClient.get_instance_profile",
side_effect=side_effect)
actual_failures = InstanceProfileValidator().execute(
instance_profile_arn=instance_profile_arn)
assert_failure_messages(actual_failures, expected_message)
def test_dcv_validator(dcv_enabled, os, instance_type, allowed_ips, port, expected_message):
actual_failures = DcvValidator().execute(
instance_type,
dcv_enabled,
allowed_ips,
port,
os,
"x86_64" if instance_type.startswith("t2") else "arm64",
)
assert_failure_messages(actual_failures, expected_message)
def test_auto_import_policy_validator(mocker, auto_import_policy,
cluster_region, bucket_region,
expected_message):
mock_aws_api(mocker)
mocker.patch("pcluster.aws.s3.S3Client.get_bucket_region",
return_value=bucket_region)
os.environ["AWS_DEFAULT_REGION"] = cluster_region
actual_failures = FsxAutoImportValidator().execute(
auto_import_policy, "s3://test/test1/test2")
assert_failure_messages(actual_failures, expected_message)
def test_kms_key_validator(mocker, kms_key_id, expected_message):
mock_aws_api(mocker)
mocker.patch(
"pcluster.aws.kms.KmsClient.describe_key",
side_effect=AWSClientError(function_name="describe_key",
message=expected_message)
if expected_message else None,
)
actual_failures = KmsKeyValidator().execute(kms_key_id)
assert_failure_messages(actual_failures, expected_message)
def test_ami_volume_size_validator(mocker, image, volume_size,
expected_message, ami_response):
mocker.patch("pcluster.imagebuilder_utils.get_ami_id",
return_value="ami-0185634c5a8a37250")
mock_aws_api(mocker)
mocker.patch(
"pcluster.aws.ec2.Ec2Client.describe_image",
return_value=ImageInfo(ami_response),
)
actual_failures = AMIVolumeSizeValidator().execute(volume_size, image)
assert_failure_messages(actual_failures, expected_message)
def test_fsx_storage_type_options_validator(storage_type, deployment_type,
per_unit_storage_throughput,
drive_cache_type,
expected_message):
actual_failures = FsxStorageTypeOptionsValidator().execute(
storage_type,
deployment_type,
per_unit_storage_throughput,
drive_cache_type,
)
assert_failure_messages(actual_failures, expected_message)
def test_hosted_zone_validator(mocker, vpcs, is_private_zone, domain_name, expected_message):
get_hosted_zone_info = {
"HostedZone": {"Name": domain_name, "Config": {"PrivateZone": is_private_zone}},
"VPCs": vpcs,
}
mock_aws_api(mocker)
mocker.patch("pcluster.aws.route53.Route53Client.get_hosted_zone", return_value=get_hosted_zone_info)
actual_failures = HostedZoneValidator().execute(
hosted_zone_id="12345Z",
cluster_vpc="vpc-123",
cluster_name="ThisClusterNameShouldBeRightSize-ContainAHyphen-AndANumber12",
)
assert_failure_messages(actual_failures, expected_message)
def test_efa_security_group_validator(
boto3_stubber,
efa_enabled,
security_groups,
additional_security_groups,
ip_permissions,
ip_permissions_egress,
expected_message,
):
def _append_mocked_describe_sg_request(ip_perm, ip_perm_egress, sec_group):
describe_security_groups_response = {
"SecurityGroups": [{
"IpPermissionsEgress": ip_perm_egress,
"Description": "My security group",
"IpPermissions": ip_perm,
"GroupName": "MySecurityGroup",
"OwnerId": "123456789012",
"GroupId": sec_group,
}]
}
return MockedBoto3Request(
method="describe_security_groups",
response=describe_security_groups_response,
expected_params={"GroupIds": [security_group]},
)
if efa_enabled:
# Set SG different by sg-12345678 as incomplete. The only full valid SG can be the sg-12345678 one.
perm = ip_permissions if "sg-12345678" else []
perm_egress = ip_permissions_egress if "sg-12345678" else []
mocked_requests = []
if security_groups:
for security_group in security_groups:
mocked_requests.append(
_append_mocked_describe_sg_request(perm, perm_egress,
security_group))
# We don't need to check additional sg only if security_group is not a custom one.
if additional_security_groups:
for security_group in additional_security_groups:
mocked_requests.append(
_append_mocked_describe_sg_request(
perm, perm_egress, security_group))
boto3_stubber("ec2", mocked_requests)
actual_failures = EfaSecurityGroupValidator().execute(
efa_enabled, security_groups, additional_security_groups)
assert_failure_messages(actual_failures, expected_message)
def test_capacity_type_validator(mocker, capacity_type,
supported_usage_classes, expected_message):
mock_aws_api(mocker)
mocker.patch(
"pcluster.aws.ec2.Ec2Client.get_instance_type_info",
return_value=InstanceTypeInfo({
"InstanceType":
"instance-type",
"SupportedUsageClasses":
supported_usage_classes
}),
)
actual_failures = CapacityTypeValidator().execute(
capacity_type=capacity_type, instance_type="instance-type")
assert_failure_messages(actual_failures, expected_message)
def test_efa_validator(mocker, boto3_stubber, instance_type, efa_enabled, gdr_support, efa_supported, expected_message):
mock_aws_api(mocker)
get_instance_type_info_mock = mocker.patch(
"pcluster.aws.ec2.Ec2Client.get_instance_type_info",
return_value=InstanceTypeInfo(
{
"InstanceType": instance_type,
"VCpuInfo": {"DefaultVCpus": 4, "DefaultCores": 2},
"NetworkInfo": {"EfaSupported": instance_type == "c5n.18xlarge"},
}
),
)
actual_failures = EfaValidator().execute(instance_type, efa_enabled, gdr_support)
assert_failure_messages(actual_failures, expected_message)
if efa_enabled:
get_instance_type_info_mock.assert_called_with(instance_type)
def test_fsx_storage_capacity_validator(
storage_capacity,
deployment_type,
storage_type,
per_unit_storage_throughput,
file_system_id,
backup_id,
expected_message,
):
actual_failures = FsxStorageCapacityValidator().execute(
storage_capacity,
deployment_type,
storage_type,
per_unit_storage_throughput,
file_system_id,
backup_id,
)
assert_failure_messages(actual_failures, expected_message)
def test_ebs_volume_size_snapshot_validator(
volume_size,
snapshot_size,
state,
partition,
mocker,
expected_message,
raise_error_when_getting_snapshot_info,
):
os.environ["AWS_DEFAULT_REGION"] = "us-east-1"
snapshot_id = "snap-1234567890abcdef0"
describe_snapshots_response = {
"Description": "This is my snapshot",
"Encrypted": False,
"VolumeId": "vol-049df61146c4d7901",
"State": state,
"VolumeSize": snapshot_size,
"StartTime": "2014-02-28T21:28:32.000Z",
"Progress": "100%",
"OwnerId": "012345678910",
"SnapshotId": snapshot_id,
}
if raise_error_when_getting_snapshot_info:
mocker.patch(
"pcluster.aws.ec2.Ec2Client.get_ebs_snapshot_info",
side_effect=Exception(expected_message),
)
else:
mocker.patch(
"pcluster.aws.ec2.Ec2Client.get_ebs_snapshot_info",
return_value=describe_snapshots_response,
)
mocker.patch(
"pcluster.validators.ebs_validators.get_partition",
return_value="aws-cn" if partition == "aws-cn" else "aws-us-gov",
)
actual_failures = EbsVolumeSizeSnapshotValidator().execute(
snapshot_id, volume_size)
assert_failure_messages(actual_failures, expected_message)
def test_fsx_backup_options_validator(
automatic_backup_retention_days,
daily_automatic_backup_start_time,
copy_tags_to_backups,
deployment_type,
imported_file_chunk_size,
import_path,
export_path,
auto_import_policy,
expected_message,
):
actual_failures = FsxBackupOptionsValidator().execute(
automatic_backup_retention_days,
daily_automatic_backup_start_time,
copy_tags_to_backups,
deployment_type,
imported_file_chunk_size,
import_path,
export_path,
auto_import_policy,
)
assert_failure_messages(actual_failures, expected_message)
def test_instance_type_base_ami_compatible_validator(
mocker,
instance_type,
parent_image,
expected_message,
ami_response,
ami_side_effect,
instance_response,
instance_architectures,
):
mocker.patch("pcluster.imagebuilder_utils.get_ami_id",
return_value="ami-0185634c5a8a37250")
mock_aws_api(mocker)
mocker.patch("pcluster.aws.ec2.Ec2Client.describe_image",
return_value=ImageInfo(ami_response),
side_effect=ami_side_effect)
mocker.patch("pcluster.aws.ec2.Ec2Client.list_instance_types",
return_value=instance_response)
mocker.patch("pcluster.aws.ec2.Ec2Client.get_supported_architectures",
return_value=instance_architectures)
actual_failures = InstanceTypeBaseAMICompatibleValidator().execute(
instance_type=instance_type, image=parent_image)
assert_failure_messages(actual_failures, expected_message)
def test_ec2_subnet_id_validator(mocker):
describe_subnets_response = [
{
"SubnetId": "subnet-12345678",
"VpcId": "vpc-06e4ab6c6cEXAMPLE",
},
{
"SubnetId": "subnet-23456789",
"VpcId": "vpc-06e4ab6c6cEXAMPLE",
},
]
mock_aws_api(mocker)
mocker.patch("pcluster.aws.ec2.Ec2Client.describe_subnets",
return_value=describe_subnets_response)
mocker.patch("pcluster.aws.ec2.Ec2Client.is_enable_dns_support",
return_value=True)
mocker.patch("pcluster.aws.ec2.Ec2Client.is_enable_dns_hostnames",
return_value=describe_subnets_response)
# TODO test with invalid key
actual_failures = SubnetsValidator().execute(
["subnet-12345678", "subnet-23456789"])
assert_failure_messages(actual_failures, None)
