def test_delete_vpc_with_attached_internet_gateway(self):
igw_ctx = {
'name': 'igw01'
}
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24',
'internet_gateway': 'igw01'
}
igw_filters = [{'Name': 'tag:Name', 'Values': ['igw01']}]
vpc_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_vpc.VpcWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.Vpc'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the internet gateway
h = ec2_igw.create_handler(igw_ctx, self.credentials)
h.create_resource()
gateways = list(ec2.internet_gateways.filter(Filters=igw_filters))
igw = gateways[0]
self.assertCountEqual(igw.attachments, [])
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
vpcs = list(ec2.vpcs.filter(Filters=vpc_filters))
vpc = vpcs[0]
# Test that the internet gateway has been attached
igw.reload()
attachments = [{'VpcId': vpc.id, 'State': 'available'}]
self.assertCountEqual(igw.attachments, attachments)
# We clear the resource cache to simulate a new
# program execution with the 'delete' option
base.BaseHandler._cache.clear()
# Delete the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.delete_resource()
vpcs = list(ec2.vpcs.filter(Filters=vpc_filters))
self.assertEqual(len(vpcs), 0)
def test_create_subnet(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
subnet_ctx = {
'name': 'subnet01a',
'cidr_block': '10.0.10.0/25',
'zone': 'us-west-2a',
'vpc': 'vpc01',
'tags': {
'description': 'Test subnet (zone a) for VPC vpc01'
}
}
tags = [
{
'Key': 'Name',
'Value': 'subnet01a'
},
{
'Key': 'Description',
'Value': 'Test subnet (zone a) for VPC vpc01'
}
]
vpc_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}]
subnet_filters = [{'Name': 'tag:Name', 'Values': ['subnet01a']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_subnet.SubnetWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.Subnet'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
vpcs = list(ec2.vpcs.filter(Filters=vpc_filters))
vpc = vpcs[0]
# Create the subnet
h = ec2_subnet.create_handler(subnet_ctx, self.credentials)
h.create_resource()
subnets = list(ec2.subnets.filter(Filters=subnet_filters))
subnet = subnets[0]
self.assertEqual(len(subnets), 1)
self.assertEqual(subnet.name, 'subnet01a')
self.assertEqual(subnet.cidr_block, '10.0.10.0/25')
self.assertEqual(subnet.availability_zone, 'us-west-2a')
self.assertEqual(subnet.vpc_id, vpc.id)
self.assertEqual(subnet.map_public_ip_on_launch, False)
self.assertCountEqual(subnet.tags, tags)
def test_delete_vpc(self):
ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_vpc.VpcWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.Vpc'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(ctx, self.credentials)
h.create_resource()
vpcs = list(ec2.vpcs.filter(Filters=filters))
self.assertEqual(len(vpcs), 1)
# We clear the resource cache to simulate a new
# program execution with the 'delete' option
base.BaseHandler._cache.clear()
# Delete the VPC
h.delete_resource()
vpcs = list(ec2.vpcs.filter(Filters=filters))
self.assertEqual(len(vpcs), 0)
def test_delete_route_table_with_association(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
subnet_ctx = {
'name': 'subnet01a',
'cidr_block': '10.0.10.0/25',
'zone': 'us-west-2a',
'vpc': 'vpc01'
}
rt_ctx = {
'name': 'rt01',
'vpc': 'vpc01',
'subnets': [
'subnet01a'
]
}
filters = [{'Name': 'tag:Name', 'Values': ['rt01']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_rt.RouteTableWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.RouteTable'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the subnet
h = ec2_subnet.create_handler(subnet_ctx, self.credentials)
h.create_resource()
# Create the route table
h = ec2_rt.create_handler(rt_ctx, self.credentials)
h.create_resource()
route_tables = list(ec2.route_tables.filter(Filters=filters))
self.assertEqual(len(route_tables), 1)
# We clear the resource cache to simulate a new
# program execution with the 'delete' option
base.BaseHandler._cache.clear()
# Delete the route table
h.delete_resource()
route_tables = list(ec2.route_tables.filter(Filters=filters))
self.assertEqual(len(route_tables), 0)
def test_create_route_table(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
rt_ctx = {
'name': 'rt01',
'vpc': 'vpc01',
'tags': {
'description': 'Replace the default route table for VPC vpc01'
}
}
tags = [
{
'Key': 'Name',
'Value': 'rt01'
},
{
'Key': 'Description',
'Value': 'Replace the default route table for VPC vpc01'
}
]
vpc_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}]
rt_filters = [{'Name': 'tag:Name', 'Values': ['rt01']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_rt.RouteTableWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.RouteTable'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
vpcs = list(ec2.vpcs.filter(Filters=vpc_filters))
vpc = vpcs[0]
# Create the route table
h = ec2_rt.create_handler(rt_ctx, self.credentials)
h.create_resource()
route_tables = list(ec2.route_tables.filter(Filters=rt_filters))
rt = route_tables[0]
self.assertEqual(len(route_tables), 1)
self.assertEqual(rt.name, 'rt01')
self.assertEqual(rt.vpc_id, vpc.id)
self.assertCountEqual(rt.tags, tags)
def test_create_security_group(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
sg_ctx = {
'name': 'sg01a',
'description': 'Test security group sg01a',
'vpc': 'vpc01'
}
tags = [
{
'Key': 'Name',
'Value': 'sg01a'
}
]
vpc_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}]
sg_filters = [{'Name': 'tag:Name', 'Values': ['sg01a']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_sg.SecurityGroupWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.SecurityGroup'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
vpcs = list(ec2.vpcs.filter(Filters=vpc_filters))
vpc = vpcs[0]
# Create the security group
h = ec2_sg.create_handler(sg_ctx, self.credentials)
h.create_resource()
security_groups = list(ec2.security_groups.filter(Filters=sg_filters))
sg = security_groups[0]
self.assertEqual(len(security_groups), 1)
self.assertEqual(sg.name, 'sg01a')
# Security groups have a dedicated attribute for their name
self.assertEqual(sg.name, sg.group_name)
self.assertEqual(sg.vpc_id, vpc.id)
self.assertCountEqual(sg.tags, tags)
def test_delete_security_group(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
sg_ctx = {
'name': 'sg01a',
'description': 'Test security group sg01a',
'vpc': 'vpc01'
}
filters = [{'Name': 'tag:Name', 'Values': ['sg01a']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_sg.SecurityGroupWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.SecurityGroup'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the security group
h = ec2_sg.create_handler(sg_ctx, self.credentials)
h.create_resource()
security_groups = list(ec2.security_groups.filter(Filters=filters))
self.assertEqual(len(security_groups), 1)
# We clear the resource cache to simulate a new
# program execution with the 'delete' option
base.BaseHandler._cache.clear()
# Delete the security group
h.delete_resource()
security_groups = list(ec2.security_groups.filter(Filters=filters))
self.assertEqual(len(security_groups), 0)
def test_create_vpc(self):
ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24',
'tags': {
'description': 'VPC vpc01 (subnet01a & subnet01b)'
}
}
tags = [
{
'Key': 'Name',
'Value': 'vpc01'
},
{
'Key': 'Description',
'Value': 'VPC vpc01 (subnet01a & subnet01b)'
}
]
filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_vpc.VpcWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.Vpc'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(ctx, self.credentials)
h.create_resource()
vpcs = list(ec2.vpcs.filter(Filters=filters))
vpc = vpcs[0]
self.assertEqual(len(vpcs), 1)
self.assertEqual(vpc.name, 'vpc01')
self.assertEqual(vpc.cidr_block, '10.0.10.0/24')
self.assertCountEqual(vpc.tags, tags)
def test_delete_route(self):
igw_ctx = {
'name': 'igw01'
}
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24',
'internet_gateway': 'igw01'
}
rt_ctx1 = {
'name': 'rt01',
'vpc': 'vpc01',
'routes': [
{
'destination': '0.0.0.0/0',
'target_name': 'igw01',
'target_type': 'internet_gateway'
}
]
}
rt_ctx2 = {
'name': 'rt01',
'vpc': 'vpc01',
'routes': None
}
igw_filters = [{'Name': 'tag:Name', 'Values': ['igw01']}]
rt_filters = [{'Name': 'tag:Name', 'Values': ['rt01']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_rt.RouteTableWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.RouteTable'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the internet gateway
h = ec2_igw.create_handler(igw_ctx, self.credentials)
h.create_resource()
internet_gateways = list(ec2.internet_gateways.filter(Filters=igw_filters))
igw = internet_gateways[0]
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the route table
h = ec2_rt.create_handler(rt_ctx1, self.credentials)
h.create_resource()
route_tables = list(ec2.route_tables.filter(Filters=rt_filters))
rt = route_tables[0]
route = {
'GatewayId': igw.id,
'DestinationCidrBlock': '0.0.0.0/0',
'Origin': 'CreateRoute',
'State': 'active'
}
route_wrapper = ec2_rt.RouteWrapper(route)
self.assertEqual(len(rt.routes), 2) # the new route + the default VPC route
self.assertIn(route_wrapper, rt.custom_routes)
# We clear the resource cache to simulate a new
# program execution with the 'update' option
base.BaseHandler._cache.clear()
# Update the route table
h = ec2_rt.create_handler(rt_ctx2, self.credentials)
h.update_resource()
route_tables = list(ec2.route_tables.filter(Filters=rt_filters))
rt = route_tables[0]
self.assertEqual(len(rt.routes), 1) # the default VPC route
self.assertCountEqual(rt.custom_routes, [])
def test_change_subnet_association(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
subnet_ctx = {
'name': 'subnet01a',
'cidr_block': '10.0.10.0/25',
'zone': 'us-west-2a',
'vpc': 'vpc01'
}
rt_ctx1 = {
'name': 'rt01',
'vpc': 'vpc01',
'subnets': [
'subnet01a'
]
}
rt_ctx2 = {
'name': 'rt02',
'vpc': 'vpc01',
'subnets': [
'subnet01a'
]
}
subnet_filters = [{'Name': 'tag:Name', 'Values': ['subnet01a']}]
rt01_filters = [{'Name': 'tag:Name', 'Values': ['rt01']}]
rt02_filters = [{'Name': 'tag:Name', 'Values': ['rt02']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_rt.RouteTableWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.RouteTable'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the subnet
h = ec2_subnet.create_handler(subnet_ctx, self.credentials)
h.create_resource()
subnets = list(ec2.subnets.filter(Filters=subnet_filters))
subnet = subnets[0]
# Create route table rt01
h = ec2_rt.create_handler(rt_ctx1, self.credentials)
h.create_resource()
route_tables = list(ec2.route_tables.filter(Filters=rt01_filters))
rt01 = route_tables[0]
filters = [
{
'Name': 'association.subnet-id',
'Values': [subnet.id]
},
{
'Name': 'association.route-table-id',
'Values': [rt01.id]
}
]
associations = list(rt01.associations.filter(Filters=filters))
self.assertEqual(len(associations), 1)
# Create route table rt02
h = ec2_rt.create_handler(rt_ctx2, self.credentials)
h.create_resource()
route_tables = list(ec2.route_tables.filter(Filters=rt02_filters))
rt02 = route_tables[0]
filters = [
{
'Name': 'association.subnet-id',
'Values': [subnet.id]
},
{
'Name': 'association.route-table-id',
'Values': [rt02.id]
}
]
associations = list(rt02.associations.filter(Filters=filters))
self.assertEqual(len(associations), 1)
def test_update_vpc(self):
ctx1 = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24',
'tags': {
'description': 'VPC vpc01 (subnet01a & subnet01b)',
'stack': 'Test',
'owner': 'Team A'
}
}
ctx2 = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24',
'tags': {
'description': 'VPC vpc01 (subnet01a & subnet01b)',
'stack': 'Production'
}
}
tags1 = [
{
'Key': 'Name',
'Value': 'vpc01'
},
{
'Key': 'Description',
'Value': 'VPC vpc01 (subnet01a & subnet01b)'
},
{
'Key': 'Stack',
'Value': 'Test'
},
{
'Key': 'Owner',
'Value': 'Team A'
}
]
tags2 = [
{
'Key': 'Name',
'Value': 'vpc01'
},
{
'Key': 'Description',
'Value': 'VPC vpc01 (subnet01a & subnet01b)'
},
{
'Key': 'Stack',
'Value': 'Production'
}
]
filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_vpc.VpcWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.Vpc'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(ctx1, self.credentials)
h.create_resource()
vpcs = list(ec2.vpcs.filter(Filters=filters))
vpc = vpcs[0]
vpc_id = vpc.id
self.assertEqual(len(vpcs), 1)
self.assertCountEqual(vpc.tags, tags1)
# We clear the resource cache to simulate a new
# program execution with the 'update' option
base.BaseHandler._cache.clear()
# Update the VPC
h = ec2_vpc.create_handler(ctx2, self.credentials)
h.update_resource()
vpcs = list(ec2.vpcs.filter(Filters=filters))
vpc = vpcs[0]
self.assertEqual(len(vpcs), 1)
self.assertEqual(vpc.id, vpc_id)
self.assertCountEqual(vpc.tags, tags2)
def test_authorize_ingress_rule(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
sg_ctx = {
'name': 'sg01a',
'description': 'Test security group sg01a',
'vpc': 'vpc01',
'ingress': [
{
'ip_protocol': 'tcp',
'from_port': 22,
'to_port': 22,
'sources': [
'192.0.2.10/32'
]
}
]
}
ip_permission = {
'IpProtocol': 'tcp',
'FromPort': 22,
'ToPort': 22,
'IpRanges': [
{
'CidrIp': '192.0.2.10/32'
}
],
'UserIdGroupPairs': []
}
rule = ec2_sg.RuleWrapper(ip_permission, flow='source')
filters = [{'Name': 'tag:Name', 'Values': ['sg01a']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_sg.SecurityGroupWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.SecurityGroup'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the security group
h = ec2_sg.create_handler(sg_ctx, self.credentials)
h.create_resource()
security_groups = list(ec2.security_groups.filter(Filters=filters))
sg = security_groups[0]
self.assertEqual(len(security_groups), 1)
self.assertEqual(len(sg.ingress_rules), 1)
self.assertIn(rule, sg.ingress_rules)
def test_update_security_group(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
sg_ctx1 = {
'name': 'sg01b',
'description': 'Test security group sg01b',
'vpc': 'vpc01',
'tags': {
'stack': 'Test',
'owner': 'Team A'
}
}
sg_ctx2 = {
'name': 'sg01b',
'description': 'Test security group sg01b',
'vpc': 'vpc01',
'tags': {
'stack': 'Production',
'platform': 'app01'
}
}
tags1 = [
{
'Key': 'Name',
'Value': 'sg01b'
},
{
'Key': 'Stack',
'Value': 'Test'
},
{
'Key': 'Owner',
'Value': 'Team A'
}
]
tags2 = [
{
'Key': 'Name',
'Value': 'sg01b'
},
{
'Key': 'Stack',
'Value': 'Production'
},
{
'Key': 'Platform',
'Value': 'app01'
}
]
sg_filters = [{'Name': 'tag:Name', 'Values': ['sg01b']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_sg.SecurityGroupWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.SecurityGroup'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the security group
h = ec2_sg.create_handler(sg_ctx1, self.credentials)
h.create_resource()
security_groups = list(ec2.security_groups.filter(Filters=sg_filters))
sg = security_groups[0]
sg_id = sg.id
self.assertEqual(len(security_groups), 1)
self.assertCountEqual(sg.tags, tags1)
# We clear the resource cache to simulate a new
# program execution with the 'update' option
base.BaseHandler._cache.clear()
# Update the security group
h = ec2_sg.create_handler(sg_ctx2, self.credentials)
h.update_resource()
security_groups = list(ec2.security_groups.filter(Filters=sg_filters))
sg = security_groups[0]
self.assertEqual(len(security_groups), 1)
self.assertEqual(sg.id, sg_id)
self.assertCountEqual(sg.tags, tags2)
def test_revoke_egress_rule(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
sg_ctx1 = {
'name': 'sg01a',
'description': 'Test security group sg01a',
'vpc': 'vpc01',
'egress': [
{
'ip_protocol': '-1',
'from_port': -1,
'to_port': -1,
'destinations': [
'0.0.0.0/0'
]
}
]
}
sg_ctx2 = {
'name': 'sg01a',
'description': 'Test security group sg01a',
'vpc': 'vpc01'
}
ip_permission = {
'IpProtocol': '-1',
'FromPort': -1,
'ToPort': -1,
'IpRanges': [
{
'CidrIp': '0.0.0.0/0'
}
],
'UserIdGroupPairs': []
}
rule = ec2_sg.RuleWrapper(ip_permission, flow='destination')
filters = [{'Name': 'tag:Name', 'Values': ['sg01a']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_sg.SecurityGroupWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.SecurityGroup'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the security group
h = ec2_sg.create_handler(sg_ctx1, self.credentials)
h.create_resource()
security_groups = list(ec2.security_groups.filter(Filters=filters))
sg = security_groups[0]
self.assertEqual(len(security_groups), 1)
self.assertEqual(len(sg.egress_rules), 1)
self.assertIn(rule, sg.egress_rules)
# We clear the resource cache to simulate a new
# program execution with the 'update' option
base.BaseHandler._cache.clear()
# Update the security group
h = ec2_sg.create_handler(sg_ctx2, self.credentials)
h.update_resource()
security_groups = list(ec2.security_groups.filter(Filters=filters))
sg = security_groups[0]
self.assertEqual(len(security_groups), 1)
self.assertEqual(len(sg.egress_rules), 0)
def test_authorize_egress_rule_for_sg(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
sg_ctx1 = {
'name': 'sg01b',
'description': 'Test security group sg01b',
'vpc': 'vpc01'
}
sg_ctx2 = {
'name': 'sg01a',
'description': 'Test security group sg01a',
'vpc': 'vpc01',
'egress': [
{
'ip_protocol': 'tcp',
'from_port': 11211,
'to_port': 11211,
'destinations': [
'sg01b'
]
}
]
}
filters1 = [{'Name': 'tag:Name', 'Values': ['sg01b']}]
filters2 = [{'Name': 'tag:Name', 'Values': ['sg01a']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_sg.SecurityGroupWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.SecurityGroup'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the security groups
h = ec2_sg.create_handler(sg_ctx1, self.credentials)
h.create_resource()
h = ec2_sg.create_handler(sg_ctx2, self.credentials)
h.create_resource()
security_groups = list(ec2.security_groups.filter(Filters=filters1))
sg01b = security_groups[0]
self.assertEqual(len(security_groups), 1)
security_groups = list(ec2.security_groups.filter(Filters=filters2))
sg01a = security_groups[0]
self.assertEqual(len(security_groups), 1)
ip_permission = {
'IpProtocol': 'tcp',
'FromPort': 11211,
'ToPort': 11211,
'IpRanges': [],
'UserIdGroupPairs': [
{
'GroupId': sg01b.id,
'UserId': sg01b.owner_id
}
]
}
rule = ec2_sg.RuleWrapper(ip_permission, flow='destination')
self.assertEqual(len(sg01a.egress_rules), 1)
self.assertIn(rule, sg01a.egress_rules)
def test_update_route_table(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
rt_ctx1 = {
'name': 'rt01',
'vpc': 'vpc01',
'tags': {
'description': 'Replace the default route table for VPC vpc01',
'stack': 'Test',
'owner': 'Team A'
}
}
rt_ctx2 = {
'name': 'rt01',
'vpc': 'vpc01',
'tags': {
'description': 'Replace the default route table for VPC vpc01',
'stack': 'Production'
}
}
tags1 = [
{
'Key': 'Name',
'Value': 'rt01'
},
{
'Key': 'Description',
'Value': 'Replace the default route table for VPC vpc01'
},
{
'Key': 'Stack',
'Value': 'Test'
},
{
'Key': 'Owner',
'Value': 'Team A'
}
]
tags2 = [
{
'Key': 'Name',
'Value': 'rt01'
},
{
'Key': 'Description',
'Value': 'Replace the default route table for VPC vpc01'
},
{
'Key': 'Stack',
'Value': 'Production'
}
]
rt_filters = [{'Name': 'tag:Name', 'Values': ['rt01']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_rt.RouteTableWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.RouteTable'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the route table
h = ec2_rt.create_handler(rt_ctx1, self.credentials)
h.create_resource()
route_tables = list(ec2.route_tables.filter(Filters=rt_filters))
rt = route_tables[0]
rt_id = rt.id
self.assertEqual(len(route_tables), 1)
self.assertCountEqual(rt.tags, tags1)
# Update the route table
h = ec2_rt.create_handler(rt_ctx2, self.credentials)
h.update_resource()
route_tables = list(ec2.route_tables.filter(Filters=rt_filters))
rt = route_tables[0]
self.assertEqual(len(route_tables), 1)
self.assertEqual(rt.id, rt_id)
self.assertCountEqual(rt.tags, tags2)
def test_update_map_public_ip_on_launch(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
subnet_ctx1 = {
'name': 'subnet01b',
'cidr_block': '10.0.10.128/25',
'zone': 'us-west-2b',
'vpc': 'vpc01'
}
subnet_ctx2 = {
'name': 'subnet01b',
'cidr_block': '10.0.10.128/25',
'zone': 'us-west-2b',
'vpc': 'vpc01',
'map_public_ip_on_launch': True
}
subnet_filters = [{'Name': 'tag:Name', 'Values': ['subnet01b']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_subnet.SubnetWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.Subnet'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the subnet
h = ec2_subnet.create_handler(subnet_ctx1, self.credentials)
h.create_resource()
subnets = list(ec2.subnets.filter(Filters=subnet_filters))
subnet = subnets[0]
subnet_id = subnet.id
self.assertEqual(len(subnets), 1)
self.assertEqual(subnet.name, 'subnet01b')
self.assertEqual(subnet.cidr_block, '10.0.10.128/25')
self.assertEqual(subnet.availability_zone, 'us-west-2b')
self.assertEqual(subnet.map_public_ip_on_launch, False)
# We clear the resource cache to simulate a new
# program execution with the 'update' option
base.BaseHandler._cache.clear()
# Update the subnet
h = ec2_subnet.create_handler(subnet_ctx2, self.credentials)
h.update_resource()
subnets = list(ec2.subnets.filter(Filters=subnet_filters))
subnet = subnets[0]
self.assertEqual(len(subnets), 1)
self.assertEqual(subnet.id, subnet_id)
self.assertEqual(subnet.map_public_ip_on_launch, True)
def test_internet_gateway_already_attached(self):
igw01_ctx = {
'name': 'igw01'
}
vpc01_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24',
'internet_gateway': 'igw01'
}
vpc02_ctx = {
'name': 'vpc02',
'cidr_block': '10.0.20.0/24',
'internet_gateway': 'igw01'
}
igw01_filters = [{'Name': 'tag:Name', 'Values': ['igw01']}]
vpc01_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}]
vpc02_filters = [{'Name': 'tag:Name', 'Values': ['vpc02']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_vpc.VpcWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.Vpc'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the internet gateway
h = ec2_igw.create_handler(igw01_ctx, self.credentials)
h.create_resource()
gateways = list(ec2.internet_gateways.filter(Filters=igw01_filters))
igw01 = gateways[0]
self.assertCountEqual(igw01.attachments, [])
# Create the first VPC (vpc01)
h = ec2_vpc.create_handler(vpc01_ctx, self.credentials)
h.create_resource()
vpcs = list(ec2.vpcs.filter(Filters=vpc01_filters))
vpc01 = vpcs[0]
attachments = [{'VpcId': vpc01.id, 'State': 'available'}]
# Test that the internet gateway has been attached
igw01.reload()
self.assertCountEqual(igw01.attachments, attachments)
# Create the second VPC (vpc02)
h = ec2_vpc.create_handler(vpc02_ctx, self.credentials)
h.create_resource()
vpcs = list(ec2.vpcs.filter(Filters=vpc02_filters))
vpc02 = vpcs[0]
self.assertNotEqual(vpc01.id, vpc02.id)
# Test that the internet gateway is still attached to the first VPC
igw01.reload()
self.assertCountEqual(igw01.attachments, attachments)
def test_update_subnet(self):
vpc_ctx = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24'
}
subnet_ctx1 = {
'name': 'subnet01b',
'cidr_block': '10.0.10.128/25',
'zone': 'us-west-2b',
'vpc': 'vpc01',
'tags': {
'description': 'Test subnet (zone b) for VPC vpc01',
'stack': 'Test',
'owner': 'Team A'
}
}
subnet_ctx2 = {
'name': 'subnet01b',
'cidr_block': '10.0.10.128/25',
'zone': 'us-west-2b',
'vpc': 'vpc01',
'tags': {
'description': 'Test subnet (zone b) for VPC vpc01',
'stack': 'Production'
}
}
tags1 = [
{
'Key': 'Name',
'Value': 'subnet01b'
},
{
'Key': 'Description',
'Value': 'Test subnet (zone b) for VPC vpc01'
},
{
'Key': 'Stack',
'Value': 'Test'
},
{
'Key': 'Owner',
'Value': 'Team A'
}
]
tags2 = [
{
'Key': 'Name',
'Value': 'subnet01b'
},
{
'Key': 'Description',
'Value': 'Test subnet (zone b) for VPC vpc01'
},
{
'Key': 'Stack',
'Value': 'Production'
}
]
subnet_filters = [{'Name': 'tag:Name', 'Values': ['subnet01b']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_subnet.SubnetWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.Subnet'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the VPC
h = ec2_vpc.create_handler(vpc_ctx, self.credentials)
h.create_resource()
# Create the subnet
h = ec2_subnet.create_handler(subnet_ctx1, self.credentials)
h.create_resource()
subnets = list(ec2.subnets.filter(Filters=subnet_filters))
subnet = subnets[0]
subnet_id = subnet.id
self.assertEqual(len(subnets), 1)
self.assertCountEqual(subnet.tags, tags1)
# We clear the resource cache to simulate a new
# program execution with the 'update' option
base.BaseHandler._cache.clear()
# Update the subnet
h = ec2_subnet.create_handler(subnet_ctx2, self.credentials)
h.update_resource()
subnets = list(ec2.subnets.filter(Filters=subnet_filters))
subnet = subnets[0]
self.assertEqual(len(subnets), 1)
self.assertEqual(subnet.id, subnet_id)
self.assertCountEqual(subnet.tags, tags2)
def test_another_internet_gateway_already_attached_2(self):
# Case 2: an internet gateway is attached to the VPC and there
# is another internet gateway defined in the configuration. We
# also leave everything unchanged.
igw01_ctx = {
'name': 'igw01'
}
igw02_ctx = {
'name': 'igw02'
}
vpc01_ctx1 = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24',
'internet_gateway': 'igw01'
}
vpc01_ctx2 = {
'name': 'vpc01',
'cidr_block': '10.0.10.0/24',
'internet_gateway': 'igw02'
}
igw01_filters = [{'Name': 'tag:Name', 'Values': ['igw01']}]
igw02_filters = [{'Name': 'tag:Name', 'Values': ['igw02']}]
vpc01_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}]
def _add_wrapper(base_classes, **kwargs):
base_classes.insert(0, ec2_vpc.VpcWrapper)
with mock_ec2():
event = 'creating-resource-class.ec2.Vpc'
session = Session(**self.credentials)
session.events.register(event, _add_wrapper)
ec2 = session.resource('ec2')
# Create the first internet gateway
h = ec2_igw.create_handler(igw01_ctx, self.credentials)
h.create_resource()
gateways = list(ec2.internet_gateways.filter(Filters=igw01_filters))
igw01 = gateways[0]
self.assertCountEqual(igw01.attachments, [])
# Create the VPC
h = ec2_vpc.create_handler(vpc01_ctx1, self.credentials)
h.create_resource()
vpcs = list(ec2.vpcs.filter(Filters=vpc01_filters))
vpc01 = vpcs[0]
attachments = [{'VpcId': vpc01.id, 'State': 'available'}]
# Test that the internet gateway has been attached
igw01.reload()
self.assertCountEqual(igw01.attachments, attachments)
# Create the second internet gateway
h = ec2_igw.create_handler(igw02_ctx, self.credentials)
h.create_resource()
gateways = list(ec2.internet_gateways.filter(Filters=igw02_filters))
igw02 = gateways[0]
self.assertCountEqual(igw02.attachments, [])
# We clear the resource cache to simulate a new
# program execution with the 'update' option
base.BaseHandler._cache.clear()
# Update the VPC with the new context
h = ec2_vpc.create_handler(vpc01_ctx2, self.credentials)
h.update_resource()
# Test that the first internet gateway is still attached to the VPC
igw01.reload()
self.assertCountEqual(igw01.attachments, attachments)
# Test that the second internet gateway is not attached
igw02.reload()
self.assertCountEqual(igw02.attachments, [])
