def setup(self):
super(BuildWorkspace, self).setup()
env = self.runner.get_service(self.resource.environment, self.name)
account = self.runner.get_service(
self.resource.environment.account,
self.name
)
workspace = self.runner.get_service(
self.resource.environment.account.workspace,
self.name
)
settings_section = ".".join([
env.resource.name,
self.resource.name,
])
self.database = account.aws.add_database(
name=self.resource.name,
allocated_storage='10',
instance_class='db.t1.micro',
engine="postgres",
engine_version="9.3.6",
db_name=self.name,
master_username="******",
master_password=workspace.project_config.add_string(
name="{}.password".format(settings_section),
default=expressions.pwgen(),
retain_default=True,
),
backup_retention_period=8,
multi_az=True,
auto_minor_version_upgrade=True,
iops=None,
publically_accessible=self.resource.public,
storage_encrypted='no',
storage_type="gp2",
security_groups=[self.security_group],
subnet_group=account.aws.add_db_subnet_group(
name=self.resource.name,
description="Subnet group for {!r}".format(self.resource.name),
subnets=self.subnets,
)
)
self.object = {
"Url": self.database.get_property("Endpoint")
}
self.setup_cloudwatch_alarms(account)
def setup(self):
super(BuildWorkspace, self).setup()
env = self.runner.get_service(self.resource.environment, self.name)
account = self.runner.get_service(self.resource.environment.account,
self.name)
workspace = self.runner.get_service(
self.resource.environment.account.workspace, self.name)
settings_section = ".".join([
env.resource.name,
self.resource.name,
])
self.database = account.aws.add_database(
name=self.resource.name,
allocated_storage='10',
instance_class='db.t1.micro',
engine="postgres",
engine_version="9.3.6",
db_name=self.name,
master_username="******",
master_password=workspace.project_config.add_string(
name="{}.password".format(settings_section),
default=expressions.pwgen(),
retain_default=True,
),
backup_retention_period=8,
multi_az=True,
auto_minor_version_upgrade=True,
iops=None,
publically_accessible=self.resource.public,
storage_encrypted='no',
storage_type="gp2",
security_groups=[self.security_group],
subnet_group=account.aws.add_db_subnet_group(
name=self.resource.name,
description="Subnet group for {!r}".format(self.resource.name),
subnets=self.subnets,
))
self.object = {"Url": self.database.get_property("Endpoint")}
self.setup_cloudwatch_alarms(account)
def test_pwgen(self):
serializer = expressions.pwgen(length=31, symbols=True)
self.assertTrue(isinstance(serializer, serializers.Expression))
rendered = serializer.render(None, None)
self.assertEqual(len(rendered), 31)
def test_database_with_config_password(self):
goal = self.create_goal('apply')
# have pwgen generate consistent passwords
secure_random = self.fixtures.enter_context(mock.patch('touchdown.config.expressions.random.SystemRandom'))
secure_random.return_value.choice.side_effect = lambda x: x[0]
folder = self.fixtures.enter_context(TemporaryFolderFixture(goal, self.workspace))
# A pre-existing KMS key that is used to encrypt a locally stored INI file
key = self.fixtures.enter_context(KeyStubber(
goal.get_service(
self.aws.get_key(
name='test-key',
),
'describe',
)
))
# These are the calls from the planning stage - touchdown needs to check
# it exists and get key metadata before it will allow any changes to
# be made
key.add_list_keys_one()
key.add_describe_key()
# These are the API calls made when the config setting is encrypted and
# stored
key.add_list_keys_one()
key.add_describe_key()
key.add_generate_data_key()
# The password is decrypted again so that it can be passed to the
# database creation
key.add_decrypt()
# We will call decrypt again in the test to make sure the password
# was saved
key.add_decrypt()
# An ini file that is encrypted with KMS and store on disk
config_file = key.resource.add_cipher(
file=folder.add_file(name='test.cfg'),
).add_ini_file()
# A password that is generated by SystemRandom helpers and stored
# in the secrets config the first time a deployment happens
password_variable = config_file.add_string(
name='database.password',
default=pwgen(symbols=True),
retain_default=True,
)
# A database that uses the password created above
database = self.fixtures.enter_context(DatabaseStubber(
goal.get_service(
self.aws.add_database(
name='my-database',
allocated_storage=5,
instance_class='db.m3.medium',
engine='postgres',
master_username='******',
master_password=password_variable,
storage_encrypted=True,
),
'apply',
)
))
database.add_describe_db_instances_empty()
database.add_create_db_instance(
password='******' * 28,
)
database.add_describe_db_instances_one()
database.add_describe_db_instances_one()
goal.execute()
stored = goal.get_service(password_variable, 'get').execute()
# Assert that the generated password is remembered by touchdown
self.assertEqual(stored[0], 'a' * 28)
# Assert that touchdown considers this config to be 'user set'
self.assertEqual(stored[1], True)