Exemplo n.º 1
0
def test_create_change_set():
    s = Stack(name='teststack')

    aws_env = AWSEnv(regions=['us-east-1'])
    with default_region('us-east-1'):
        cfn_client = aws_env.client('cloudformation', region='us-east-1')

        stubber = Stubber(cfn_client)
        stubber.add_response(
            'create_change_set', {}, {
                'Capabilities': ['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM'],
                'StackName': 'teststack',
                'ChangeSetName': 'name1',
                'TemplateBody': ANY
            })
        stubber.add_response(
            'create_change_set', {}, {
                'Capabilities': ['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM'],
                'ChangeSetName': 'name2',
                'StackName': 'teststack',
                'TemplateURL': ANY
            })
        with stubber:
            s.create_change_set('name1')
            s.create_change_set('name2', url='noprotocol://nothing')
Exemplo n.º 2
0
def test_create_fortress_no_bastion():
    aws_env = AWSEnv(regions=['us-east-1'], stub=True)
    with default_region('us-east-1'):
        stub = aws_env.stub('ec2', region='us-east-1')
        stub.add_response(
            'describe_images', {
                'Images': [{
                    'ImageId': 'ami-1234',
                    'RootDeviceName': '/dev/sda1',
                    'Tags': []
                }]
            }, {'ImageIds': ANY})
        stub.add_response(
            'describe_images', {
                'Images': [{
                    'ImageId': 'ami-1234',
                    'RootDeviceName': '/dev/sda1',
                    'Tags': []
                }]
            }, {'ImageIds': ANY})
        d = PolicyDocument().append(
            Allow(to='s3:GetObject',
                  on=['arn:aws:s3:::mybucket', 'arn:aws:s3:::mybucket/*']))
        p = Policy('InternalPolicy', d)
        f = Fortress('myfortress', bastion_ami=None, internal_server_policy=p)
        f += Bucket('Bucket2')

        # Allow access to mybucket through a s3 endpoint
        f.private_subnet.add_bucket_access(['mybucket', f['Bucket2']])

        # allow https
        f.add_network_access('https')
        f.add_private_server(AMI('ami-1234'), ['server1', 'server2'])

        assert f.body
Exemplo n.º 3
0
def test_ls_ami():
    """List AMIS from all regions."""
    aws_env = AWSEnv(regions=['us-east-1', 'eu-west-1'], stub=True)
    stub_us = aws_env.stub('ec2', region='us-east-1')
    stub_eu = aws_env.stub('ec2', region='eu-west-1')

    stub_eu.add_response(
        'describe_images', {
            'Images': [{
                'ImageId': 'ami-1234',
                'RootDeviceName': '/dev/sda1',
                'Tags': []
            }]
        }, {
            'Filters': [],
            'Owners': ['self']
        })
    stub_us.add_response(
        'describe_images', {
            'Images': [{
                'ImageId': 'ami-5678',
                'RootDeviceName': '/dev/sda1',
                'Tags': []
            }]
        }, {
            'Filters': [],
            'Owners': ['self']
        })
    assert len(AMI.ls()) == 2
Exemplo n.º 4
0
def test_win_user_data_creation():
    """Test creation of windows user data."""
    a = WinUserData()
    a.add("powershell", 'echo "test powezrshell"')
    a.add("script", "echo test script")
    assert yaml.dump(a.properties)

    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    with default_region("us-east-1"):
        stub = aws_env.stub("ec2", region="us-east-1")
        stub.add_response(
            "describe_images",
            {
                "Images": [
                    {
                        "ImageId": "ami-1234-win",
                        "RootDeviceName": "/dev/sda1",
                        "Platform": "windows",
                        "Tags": [],
                    }
                ]
            },
            {"ImageIds": ANY},
        )

        i = Instance("testmachine", AMI("ami-1234-win"))
        i.add_user_data("persist", "true")
        assert i.properties
Exemplo n.º 5
0
def test_create_change_set():
    s = Stack(name="teststack")

    aws_env = AWSEnv(regions=["us-east-1"])
    with default_region("us-east-1"):
        cfn_client = aws_env.client("cloudformation", region="us-east-1")

        stubber = Stubber(cfn_client)
        stubber.add_response(
            "create_change_set",
            {},
            {
                "Capabilities": ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"],
                "StackName": "teststack",
                "ChangeSetName": "name1",
                "TemplateBody": ANY,
            },
        )
        stubber.add_response(
            "create_change_set",
            {},
            {
                "Capabilities": ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"],
                "ChangeSetName": "name2",
                "StackName": "teststack",
                "TemplateURL": ANY,
            },
        )
        with stubber:
            s.create_change_set("name1")
            s.create_change_set("name2", url="noprotocol://nothing")
Exemplo n.º 6
0
def test_create_instance():
    aws_env = AWSEnv(regions=['us-east-1'], stub=True)
    with default_region('us-east-1'):
        stub = aws_env.stub('ec2', region='us-east-1')
        stub.add_response(
            'describe_images',
            {'Images': [{'ImageId': 'ami-1234',
                         'RootDeviceName': '/dev/sda1'}]},
            {'ImageIds': ANY})

        i = Instance('testmachine', AMI('ami-1234'), disk_size=20)
        assert i.properties

        i.add(EphemeralDisk('/dev/sdb', 0))
        assert i.properties

        vpc = VPC('VPC', '10.10.0.0/16')
        subnet = Subnet('Subnet', vpc, '10.10.10.0/24')
        subnet = Subnet('Subnet2', vpc, '10.10.20.0/24')
        security_group = SecurityGroup('mysgroup', vpc)
        i.add(NetworkInterface(subnet, description='first network interface'))
        i.add(NetworkInterface(subnet,
                               groups=[security_group],
                               description='2nd network interface'))
        i.add(NetworkInterface(subnet,
                               groups=[security_group],
                               description='3rd network interface',
                               device_index=3))
        assert i.properties

        with pytest.raises(AssertionError):
            i.add("non valid ec2 device")
Exemplo n.º 7
0
def test_ls_ami():
    """List AMIS from all regions."""
    aws_env = AWSEnv(regions=["us-east-1", "eu-west-1"], stub=True)
    stub_us = aws_env.stub("ec2", region="us-east-1")
    stub_eu = aws_env.stub("ec2", region="eu-west-1")

    stub_eu.add_response(
        "describe_images",
        {
            "Images": [
                {"ImageId": "ami-1234", "RootDeviceName": "/dev/sda1", "Tags": []}
            ]
        },
        {"Filters": [], "Owners": ["self"]},
    )
    stub_us.add_response(
        "describe_images",
        {
            "Images": [
                {"ImageId": "ami-5678", "RootDeviceName": "/dev/sda1", "Tags": []}
            ]
        },
        {"Filters": [], "Owners": ["self"]},
    )
    assert len(AMI.ls()) == 2
Exemplo n.º 8
0
def test_cfn_main() -> None:
    class MyCFNMain(CFNMain):
        def create_stack(self) -> Stack:
            return Stack(name="teststack")

    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    with default_region("us-east-1"):
        aws_env.client("cloudformation", region="us-east-1")

        stubber = aws_env.stub("cloudformation")
        stubber.add_response("validate_template", {}, {"TemplateBody": ANY})
        stubber.add_response(
            "create_stack",
            {},
            {
                "Capabilities": ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"],
                "StackName": "teststack",
                "ClientRequestToken": ANY,
                "TemplateBody": ANY,
            },
        )
        stubber.add_response("describe_stacks", {}, {"StackName": "teststack"})
        with stubber:
            m = MyCFNMain(regions=["us-east-1"])
            m.execute(args=["push", "--no-wait"], aws_env=aws_env)
Exemplo n.º 9
0
def test_cfn_main_multiple_stacks():
    class MyCFNMain(CFNMain):
        def create_stack(self):
            return [Stack(name="first-stack"), Stack(name="second-stack")]

    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    with default_region("us-east-1"):
        aws_env.client("cloudformation", region="us-east-1")

        stubber = aws_env.stub("cloudformation")
        for stack_name in ("first-stack", "second-stack"):
            stubber.add_response("validate_template", {},
                                 {"TemplateBody": ANY})
            stubber.add_response(
                "create_stack",
                {},
                {
                    "Capabilities": ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"],
                    "StackName": f"{stack_name}",
                    "TemplateBody": ANY,
                },
            )
            stubber.add_response("describe_stacks", {},
                                 {"StackName": f"{stack_name}"})
        with stubber:
            m = MyCFNMain(regions=["us-east-1"])
            m.execute(args=["push", "--no-wait"], aws_env=aws_env)
Exemplo n.º 10
0
def test_create_fortress(enable_github, requests_mock):
    if enable_github:
        requests_mock.get("https://api.github.com/meta", json=GITHUB_API_RANGE)
    requests_mock.get("https://ip-ranges.amazonaws.com/ip-ranges.json",
                      json=AWS_IP_RANGES)
    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    with default_region("us-east-1"):
        stub = aws_env.stub("ec2", region="us-east-1")
        stub.add_response(
            "describe_images",
            {
                "Images": [{
                    "ImageId": "ami-1234",
                    "RootDeviceName": "/dev/sda1",
                    "Tags": []
                }]
            },
            {"ImageIds": ANY},
        )
        stub.add_response(
            "describe_images",
            {
                "Images": [{
                    "ImageId": "ami-1234",
                    "RootDeviceName": "/dev/sda1",
                    "Tags": []
                }]
            },
            {"ImageIds": ANY},
        )
        d = PolicyDocument().append(
            Allow(
                to="s3:GetObject",
                on=["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"],
            ))
        p = Policy("InternalPolicy", d)
        f = Fortress(
            "myfortress",
            allow_ssh_from="0.0.0.0/0",
            bastion_ami=AMI("ami-1234"),
            internal_server_policy=p,
        )
        f += Bucket("Bucket2")

        # Allow access to mybucket through a s3 endpoint
        f.private_subnet.add_bucket_access(["mybucket", f["Bucket2"]])

        # Allow access to a secret throught a secretsmanager endpoint
        f.add_secret_access("arn_secret")

        # Allow access to lambdas throught lambda endpoints
        f.add_secret_access(["arn_lambda_1", "arn_lambda_2"])

        # allow https
        f.add_network_access("https")
        f.add_private_server(AMI("ami-1234"), ["server1", "server2"],
                             github_access=enable_github)

        assert f.body
Exemplo n.º 11
0
def test_validate():
    s = Stack(name="teststack")

    aws_env = AWSEnv(regions=["us-east-1"])
    with default_region("us-east-1"):
        cfn_client = aws_env.client("cloudformation", region="us-east-1")

        stubber = Stubber(cfn_client)
        stubber.add_response("validate_template", {}, {"TemplateBody": ANY})
        stubber.add_response("validate_template", {}, {"TemplateURL": ANY})
        with stubber:
            s.validate()
            s.validate(url="noprotocol://nothing")
Exemplo n.º 12
0
def test_validate():
    s = Stack(name='teststack')

    aws_env = AWSEnv(regions=['us-east-1'])
    with default_region('us-east-1'):
        cfn_client = aws_env.client('cloudformation', region='us-east-1')

        stubber = Stubber(cfn_client)
        stubber.add_response('validate_template', {}, {'TemplateBody': ANY})
        stubber.add_response('validate_template', {}, {'TemplateURL': ANY})
        with stubber:
            s.validate()
            s.validate(url='noprotocol://nothing')
Exemplo n.º 13
0
def test_cfn_main_s3():
    class MyCFNMain(CFNMain):
        def create_stack(self):
            return Stack(name='teststack')

    os.mkdir('data')
    aws_env = AWSEnv(regions=['us-east-1'], stub=True)
    with default_region('us-east-1'):
        aws_env.client('cloudformation', region='us-east-1')

        stubber = aws_env.stub('cloudformation')
        stubber.add_response('validate_template', {}, {'TemplateURL': ANY})
        stubber.add_response('create_stack', {}, {
            'Capabilities': ['CAPABILITY_IAM'],
            'StackName': 'teststack',
            'TemplateURL': ANY
        })
        stubber.add_response('describe_stacks', {}, {'StackName': 'teststack'})

        aws_env.client('s3', region='us-east-1')
        s3_stubber = aws_env.stub('s3')
        s3_stubber.add_response(
            'put_object', DEFAULT_S3_ANSWER, {
                'Bucket': 'superbucket',
                'Body': ANY,
                'Key': ANY,
                'ServerSideEncryption': 'AES256'
            })
        with stubber:
            with s3_stubber:
                m = MyCFNMain(regions=['us-east-1'],
                              data_dir='data',
                              s3_bucket='superbucket',
                              s3_key='test_key')
                m.execute(args=['push'], aws_env=aws_env)
Exemplo n.º 14
0
def test_create_stack():
    s = Stack(name='teststack')

    aws_env = AWSEnv(regions=['us-east-1'])
    with default_region('us-east-1'):
        cfn_client = aws_env.client('cloudformation', region='us-east-1')

        stubber = Stubber(cfn_client)
        stubber.add_response('create_stack', {}, {
            'Capabilities': ['CAPABILITY_IAM'],
            'StackName': 'teststack',
            'TemplateBody': ANY
        })
        with stubber:
            s.create()
Exemplo n.º 15
0
    def execute(self, args=None, known_args_only=False, aws_env=None):
        """Execute application and return exit status.

        See parse_args arguments.
        """
        super(CFNMain, self).parse_args(args, known_args_only)
        if aws_env is not None:
            self.aws_env = aws_env
        else:

            if self.assume_role:
                main_session = Session(regions=self.regions, profile=self.args.profile)
                self.aws_env = main_session.assume_role(
                    self.assume_role[0], self.assume_role[1]
                )
                # ??? needed since we still use a global variable for AWSEnv
                Env().aws_env = self.aws_env
            else:
                self.aws_env = AWSEnv(regions=self.regions, profile=self.args.profile)
            self.aws_env.default_region = self.args.region

        return_val = 0
        stacks = self.create_stack()

        if isinstance(stacks, list):
            for stack in stacks:
                return_val = self.execute_for_stack(stack)
                # Stop at first failure
                if return_val:
                    return return_val
        else:
            return_val = self.execute_for_stack(stacks)

        return return_val
Exemplo n.º 16
0
def test_create_fortress_no_bastion():
    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    with default_region("us-east-1"):
        stub = aws_env.stub("ec2", region="us-east-1")
        stub.add_response(
            "describe_images",
            {
                "Images": [{
                    "ImageId": "ami-1234",
                    "RootDeviceName": "/dev/sda1",
                    "Tags": []
                }]
            },
            {"ImageIds": ANY},
        )
        stub.add_response(
            "describe_images",
            {
                "Images": [{
                    "ImageId": "ami-1234",
                    "RootDeviceName": "/dev/sda1",
                    "Tags": []
                }]
            },
            {"ImageIds": ANY},
        )
        d = PolicyDocument().append(
            Allow(
                to="s3:GetObject",
                on=["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"],
            ))
        p = Policy("InternalPolicy", d)
        f = Fortress("myfortress", bastion_ami=None, internal_server_policy=p)
        f += Bucket("Bucket2")

        # Allow access to mybucket through a s3 endpoint
        f.private_subnet.add_bucket_access(["mybucket", f["Bucket2"]])

        # Allow access to a secret throught a secretsmanager endpoint
        f.add_secret_access("arn_secret")

        # allow https
        f.add_network_access("https")
        f.add_private_server(AMI("ami-1234"), ["server1", "server2"])

        assert f.body
Exemplo n.º 17
0
def test_create_instance():
    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    with default_region("us-east-1"):
        stub = aws_env.stub("ec2", region="us-east-1")
        stub.add_response(
            "describe_images",
            {
                "Images": [
                    {"ImageId": "ami-1234", "RootDeviceName": "/dev/sda1", "Tags": []}
                ]
            },
            {"ImageIds": ANY},
        )

        i = Instance("testmachine", AMI("ami-1234"), disk_size=20)
        assert i.properties

        i.add(EphemeralDisk("/dev/sdb", 0))
        assert i.properties

        i.add(EBSDisk("/dev/sdc", size=20, encrypted=True))
        assert i.properties

        vpc = VPC("VPC", "10.10.0.0/16")
        subnet = Subnet("Subnet", vpc, "10.10.10.0/24")
        subnet = Subnet("Subnet2", vpc, "10.10.20.0/24")
        security_group = SecurityGroup("mysgroup", vpc)
        i.add(EC2NetworkInterface(subnet, description="first network interface"))
        i.add(
            EC2NetworkInterface(
                subnet, groups=[security_group], description="2nd network interface"
            )
        )
        i.add(
            EC2NetworkInterface(
                subnet,
                groups=[security_group],
                description="3rd network interface",
                device_index=3,
            )
        )
        assert i.properties

        with pytest.raises(AssertionError):
            i.add("non valid ec2 device")
Exemplo n.º 18
0
def test_cfn_init_set():
    s = Stack(name='teststack')

    aws_env = AWSEnv(regions=['us-east-1'], stub=True)
    with default_region('us-east-1'):
        stub = aws_env.stub('ec2', region='us-east-1')
        stub.add_response(
            'describe_images', {
                'Images': [{
                    'ImageId': 'ami-1234',
                    'RootDeviceName': '/dev/sda1',
                    'Tags': []
                }]
            }, {'ImageIds': ANY})

        s += Instance('server', AMI('ami-1234'))
        s['server'].set_cfn_init(s)
        assert s.body
Exemplo n.º 19
0
def test_cfn_init_set():
    s = Stack(name="teststack")

    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    with default_region("us-east-1"):
        stub = aws_env.stub("ec2", region="us-east-1")
        stub.add_response(
            "describe_images",
            {
                "Images": [
                    {"ImageId": "ami-1234", "RootDeviceName": "/dev/sda1", "Tags": []}
                ]
            },
            {"ImageIds": ANY},
        )

        s += Instance("server", AMI("ami-1234"))
        s["server"].set_cfn_init()
        assert s.body
Exemplo n.º 20
0
def test_docker_function(stack: Stack) -> None:
    """Test adding docker function to stack."""
    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    stubber_ecr = aws_env.stub("ecr")

    stubber_ecr.add_response(
        "get_authorization_token",
        {
            "authorizationData": [{
                "authorizationToken":
                base64.b64encode(b"test_user:test_pwd").decode(),
                "proxyEndpoint":
                "test_endpoint",
            }]
        },
        {},
    )

    stack.deploy_session = aws_env
    docker_function = DockerFunction(
        name="dockerfunction",
        description="this is a test",
        role="somearn",
        source_dir=SOURCE_DIR,
        repository_name="e3_aws_test_repository",
        image_tag="test_tag",
    )
    client = docker.from_env()
    try:
        stack.add(docker_function)
    except docker.errors.APIError:
        # Push is expected to fail
        pass
    finally:
        # Always try to remove local test image
        client.images.remove(
            f"e3_aws_test_repository:{docker_function.image_tag}")

    # Add resources without trying to push the image to ECR
    stack.dry_run = True
    stack.add(docker_function)

    assert stack.export()["Resources"] == EXPECTED_DOCKER_FUNCTION
Exemplo n.º 21
0
def test_run(capfd: CaptureFixture) -> None:
    """Test AWS session run method."""
    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    stubber = aws_env.stub("sts")

    # 2 calls to cli_cmd are made in this test
    for _ in range(2):
        stubber.add_response(
            "assume_role",
            {
                "Credentials": {
                    "AccessKeyId": "12345678912345678",
                    "SecretAccessKey": "12345678912345678",
                    "SessionToken": "12345678912345678",
                    "Expiration": datetime(4042, 1, 1),
                }
            },
            {
                "RoleArn": "arn:aws:iam::123456789123:role/TestRole",
                "RoleSessionName": "aws_run_session",
                "DurationSeconds": 7200,
            },
        )

    with stubber:
        p_right = aws_env.run(
            ["aws", "--version"],
            "arn:aws:iam::123456789123:role/TestRole",
            output=None,
            session_duration=7200,
        )
        assert p_right.status == 0
        captured = capfd.readouterr()
        assert captured.out.startswith("aws-cli/")

        with pytest.raises(AWSSessionRunError):
            p_wrong = aws_env.run(
                ["aws", "not_a_command"],
                "arn:aws:iam::123456789123:role/TestRole",
                output=None,
                session_duration=7200,
            )
            assert p_wrong.status != 0
Exemplo n.º 22
0
def test_cfn_main():
    class MyCFNMain(CFNMain):
        def create_stack(self):
            return Stack(name='teststack')

    aws_env = AWSEnv(regions=['us-east-1'], stub=True)
    with default_region('us-east-1'):
        aws_env.client('cloudformation', region='us-east-1')

        stubber = aws_env.stub('cloudformation')
        stubber.add_response('validate_template', {}, {'TemplateBody': ANY})
        stubber.add_response('create_stack', {}, {
            'Capabilities': ['CAPABILITY_IAM'],
            'StackName': 'teststack',
            'TemplateBody': ANY
        })
        stubber.add_response('describe_stacks', {}, {'StackName': 'teststack'})
        with stubber:
            m = MyCFNMain(regions=['us-east-1'])
            m.execute(args=['push'], aws_env=aws_env)
Exemplo n.º 23
0
def test_boto3() -> None:
    """Test boto3 session from Session."""
    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    stubber = aws_env.stub("sts")

    with stubber:
        session = Session(
            regions=["us-east-1"],
            credentials={
                "AccessKeyId": "AK_test",
                "SecretAccessKey": "SA_test",
                "SessionToken": "ST_test",
            },
        )
        boto3_session = session.to_boto3()
        boto3_creds = boto3_session.get_credentials().get_frozen_credentials()

        assert boto3_creds.access_key == "AK_test"
        assert boto3_creds.secret_key == "SA_test"
        assert boto3_creds.token == "ST_test"
Exemplo n.º 24
0
def test_user_data_creation():
    """Test creation of user data."""
    a = UserData()
    a.add('toto.txt', 'x-shellscript', 'Hello')
    a.add('url1', 'x-include-url', 'toto.jpg')
    assert yaml.dump(a.properties)

    aws_env = AWSEnv(regions=['us-east-1'], stub=True)
    with default_region('us-east-1'):
        stub = aws_env.stub('ec2', region='us-east-1')
        stub.add_response(
            'describe_images', {
                'Images': [{
                    'ImageId': 'ami-1234',
                    'RootDeviceName': '/dev/sda1',
                    'Tags': []
                }]
            }, {'ImageIds': ANY})

        i = Instance('testmachine', AMI('ami-1234'))
        i.add_user_data('url1', 'x-include-url', 'http://dummy')
        assert i.properties
Exemplo n.º 25
0
def test_user_data_creation():
    """Test creation of user data."""
    a = UserData()
    a.add("toto.txt", "x-shellscript", "Hello")
    a.add("url1", "x-include-url", "toto.jpg")
    assert yaml.dump(a.properties)

    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    with default_region("us-east-1"):
        stub = aws_env.stub("ec2", region="us-east-1")
        stub.add_response(
            "describe_images",
            {
                "Images": [
                    {"ImageId": "ami-1234", "RootDeviceName": "/dev/sda1", "Tags": []}
                ]
            },
            {"ImageIds": ANY},
        )

        i = Instance("testmachine", AMI("ami-1234"))
        i.add_user_data("url1", "x-include-url", "http://dummy")
        assert i.properties
Exemplo n.º 26
0
def test_win_user_data_creation():
    """Test creation of windows user data."""
    a = WinUserData()
    a.add('powershell', 'echo "test powezrshell"')
    a.add('script', 'echo test script')
    assert yaml.dump(a.properties)

    aws_env = AWSEnv(regions=['us-east-1'], stub=True)
    with default_region('us-east-1'):
        stub = aws_env.stub('ec2', region='us-east-1')
        stub.add_response(
            'describe_images', {
                'Images': [{
                    'ImageId': 'ami-1234-win',
                    'RootDeviceName': '/dev/sda1',
                    'Platform': 'windows',
                    'Tags': []
                }]
            }, {'ImageIds': ANY})

        i = Instance('testmachine', AMI('ami-1234-win'))
        i.add_user_data('persist', 'true')
        assert i.properties
Exemplo n.º 27
0
def test_create_fortress_with_too_much_sgs():
    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    with default_region("us-east-1"):
        stub = aws_env.stub("ec2", region="us-east-1")
        stub.add_response(
            "describe_images",
            {
                "Images": [{
                    "ImageId": "ami-1234",
                    "RootDeviceName": "/dev/sda1",
                    "Tags": []
                }]
            },
            {"ImageIds": ANY},
        )

        d = PolicyDocument().append(
            Allow(
                to="s3:GetObject",
                on=["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"],
            ))
        p = Policy("InternalPolicy", d)
        f = Fortress("myfortress", bastion_ami=None, internal_server_policy=p)

        # Adding 16 extra security groups should raise an exception (The maximum
        # number of security groups is 16 and there is a default InternalSG)
        sg_groups = [
            SecurityGroup(name=f"sg{id}", vpc=f.vpc.vpc) for id in range(16)
        ]
        with pytest.raises(AWSFortressError):
            f.add_private_server(
                AMI("ami-1234"),
                ["server1"],
                amazon_access=False,
                github_access=False,
                extra_groups=sg_groups,
            )
Exemplo n.º 28
0
def test_cfn_project_main(capfd) -> None:
    """Test CFNProjectMain."""
    aws_env = AWSEnv(regions=["eu-west-1"], stub=True)
    test = MyCFNProject(
        name="TestProject",
        account_id="12345678",
        stack_description="TestStack",
        s3_bucket="cfn-test-deploy-bucket",
        regions=["eu-west-1"],
    )
    test.execute(args=["show"], aws_env=aws_env)

    captured = capfd.readouterr()
    print(captured.out)
    with open(os.path.join(TEST_DIR, "cfn_project_test.out")) as f_out:
        assert captured.out == f_out.read()
Exemplo n.º 29
0
def test_cfn_main_s3() -> None:
    class MyCFNMain(CFNMain):
        def create_stack(self) -> Stack:
            return Stack(name="teststack")

    os.mkdir("data")
    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    with default_region("us-east-1"):
        aws_env.client("cloudformation", region="us-east-1")

        stubber = aws_env.stub("cloudformation")
        stubber.add_response("validate_template", {}, {"TemplateURL": ANY})
        stubber.add_response(
            "create_stack",
            {},
            {
                "Capabilities": ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"],
                "StackName": "teststack",
                "ClientRequestToken": ANY,
                "TemplateURL": ANY,
            },
        )
        stubber.add_response("describe_stacks", {}, {"StackName": "teststack"})

        aws_env.client("s3", region="us-east-1")
        s3_stubber = aws_env.stub("s3")
        s3_stubber.add_response(
            "put_object",
            DEFAULT_S3_ANSWER,
            {
                "Bucket": "superbucket",
                "Body": ANY,
                "Key": ANY,
                "ServerSideEncryption": "AES256",
            },
        )
        with stubber:
            with s3_stubber:
                m = MyCFNMain(
                    regions=["us-east-1"],
                    data_dir="data",
                    s3_bucket="superbucket",
                    s3_key="test_key",
                )
                m.execute(args=["push", "--no-wait"], aws_env=aws_env)
Exemplo n.º 30
0
def test_select():
    """Test AMI.select."""
    aws_env = AWSEnv(regions=["us-east-1"], stub=True)
    stub = aws_env.stub("ec2", region="us-east-1")
    stub.add_response(
        "describe_images",
        {
            "Images": [
                {
                    "ImageId": "ami-1",
                    "RootDeviceName": "/dev/sda1",
                    "Tags": [
                        {"Key": "platform", "Value": "x86_64-linux"},
                        {"Key": "os_version", "Value": "suse11"},
                        {"Key": "timestamp", "Value": "4"},
                    ],
                },
                {
                    "ImageId": "ami-2",
                    "RootDeviceName": "/dev/sda1",
                    "Tags": [
                        {"Key": "platform", "Value": "x86_64-linux"},
                        {"Key": "os_version", "Value": "suse11"},
                        {"Key": "timestamp", "Value": "5"},
                    ],
                },
                {
                    "ImageId": "ami-3",
                    "RootDeviceName": "/dev/sda1",
                    "Tags": [
                        {"Key": "platform", "Value": "x86_64-linux"},
                        {"Key": "os_version", "Value": "suse11"},
                        {"Key": "timestamp", "Value": "1"},
                    ],
                },
                {
                    "ImageId": "ami-4",
                    "RootDeviceName": "/dev/sda1",
                    "Tags": [
                        {"Key": "platform", "Value": "x86_64-linux"},
                        {"Key": "timestamp", "Value": "1"},
                    ],
                },
                {
                    "ImageId": "ami-1234",
                    "RootDeviceName": "/dev/sda1",
                    "Tags": [
                        {"Key": "platform", "Value": "x86_64-linux"},
                        {"Key": "os_version", "Value": "ubuntu16.04"},
                        {"Key": "timestamp", "Value": "1"},
                    ],
                },
            ]
        },
        {
            "Filters": [
                {"Name": "tag-key", "Values": ["platform"]},
                {"Name": "tag-key", "Values": ["timestamp"]},
                {"Name": "tag-key", "Values": ["os_version"]},
            ],
            "Owners": ["self"],
        },
    )

    with default_region("us-east-1"):
        ami = AMI.select(platform="x86_64-linux", os_version="suse11")
        assert ami.id == "ami-2"