def test_delete_vpc_with_attached_internet_gateway(self): igw_ctx = { 'name': 'igw01' } vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24', 'internet_gateway': 'igw01' } igw_filters = [{'Name': 'tag:Name', 'Values': ['igw01']}] vpc_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_vpc.VpcWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.Vpc' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the internet gateway h = ec2_igw.create_handler(igw_ctx, self.credentials) h.create_resource() gateways = list(ec2.internet_gateways.filter(Filters=igw_filters)) igw = gateways[0] self.assertCountEqual(igw.attachments, []) # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() vpcs = list(ec2.vpcs.filter(Filters=vpc_filters)) vpc = vpcs[0] # Test that the internet gateway has been attached igw.reload() attachments = [{'VpcId': vpc.id, 'State': 'available'}] self.assertCountEqual(igw.attachments, attachments) # We clear the resource cache to simulate a new # program execution with the 'delete' option base.BaseHandler._cache.clear() # Delete the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.delete_resource() vpcs = list(ec2.vpcs.filter(Filters=vpc_filters)) self.assertEqual(len(vpcs), 0)
def test_create_subnet(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } subnet_ctx = { 'name': 'subnet01a', 'cidr_block': '10.0.10.0/25', 'zone': 'us-west-2a', 'vpc': 'vpc01', 'tags': { 'description': 'Test subnet (zone a) for VPC vpc01' } } tags = [ { 'Key': 'Name', 'Value': 'subnet01a' }, { 'Key': 'Description', 'Value': 'Test subnet (zone a) for VPC vpc01' } ] vpc_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}] subnet_filters = [{'Name': 'tag:Name', 'Values': ['subnet01a']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_subnet.SubnetWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.Subnet' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() vpcs = list(ec2.vpcs.filter(Filters=vpc_filters)) vpc = vpcs[0] # Create the subnet h = ec2_subnet.create_handler(subnet_ctx, self.credentials) h.create_resource() subnets = list(ec2.subnets.filter(Filters=subnet_filters)) subnet = subnets[0] self.assertEqual(len(subnets), 1) self.assertEqual(subnet.name, 'subnet01a') self.assertEqual(subnet.cidr_block, '10.0.10.0/25') self.assertEqual(subnet.availability_zone, 'us-west-2a') self.assertEqual(subnet.vpc_id, vpc.id) self.assertEqual(subnet.map_public_ip_on_launch, False) self.assertCountEqual(subnet.tags, tags)
def test_delete_vpc(self): ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_vpc.VpcWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.Vpc' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(ctx, self.credentials) h.create_resource() vpcs = list(ec2.vpcs.filter(Filters=filters)) self.assertEqual(len(vpcs), 1) # We clear the resource cache to simulate a new # program execution with the 'delete' option base.BaseHandler._cache.clear() # Delete the VPC h.delete_resource() vpcs = list(ec2.vpcs.filter(Filters=filters)) self.assertEqual(len(vpcs), 0)
def test_delete_route_table_with_association(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } subnet_ctx = { 'name': 'subnet01a', 'cidr_block': '10.0.10.0/25', 'zone': 'us-west-2a', 'vpc': 'vpc01' } rt_ctx = { 'name': 'rt01', 'vpc': 'vpc01', 'subnets': [ 'subnet01a' ] } filters = [{'Name': 'tag:Name', 'Values': ['rt01']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_rt.RouteTableWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.RouteTable' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the subnet h = ec2_subnet.create_handler(subnet_ctx, self.credentials) h.create_resource() # Create the route table h = ec2_rt.create_handler(rt_ctx, self.credentials) h.create_resource() route_tables = list(ec2.route_tables.filter(Filters=filters)) self.assertEqual(len(route_tables), 1) # We clear the resource cache to simulate a new # program execution with the 'delete' option base.BaseHandler._cache.clear() # Delete the route table h.delete_resource() route_tables = list(ec2.route_tables.filter(Filters=filters)) self.assertEqual(len(route_tables), 0)
def test_create_route_table(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } rt_ctx = { 'name': 'rt01', 'vpc': 'vpc01', 'tags': { 'description': 'Replace the default route table for VPC vpc01' } } tags = [ { 'Key': 'Name', 'Value': 'rt01' }, { 'Key': 'Description', 'Value': 'Replace the default route table for VPC vpc01' } ] vpc_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}] rt_filters = [{'Name': 'tag:Name', 'Values': ['rt01']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_rt.RouteTableWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.RouteTable' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() vpcs = list(ec2.vpcs.filter(Filters=vpc_filters)) vpc = vpcs[0] # Create the route table h = ec2_rt.create_handler(rt_ctx, self.credentials) h.create_resource() route_tables = list(ec2.route_tables.filter(Filters=rt_filters)) rt = route_tables[0] self.assertEqual(len(route_tables), 1) self.assertEqual(rt.name, 'rt01') self.assertEqual(rt.vpc_id, vpc.id) self.assertCountEqual(rt.tags, tags)
def test_create_security_group(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } sg_ctx = { 'name': 'sg01a', 'description': 'Test security group sg01a', 'vpc': 'vpc01' } tags = [ { 'Key': 'Name', 'Value': 'sg01a' } ] vpc_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}] sg_filters = [{'Name': 'tag:Name', 'Values': ['sg01a']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_sg.SecurityGroupWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.SecurityGroup' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() vpcs = list(ec2.vpcs.filter(Filters=vpc_filters)) vpc = vpcs[0] # Create the security group h = ec2_sg.create_handler(sg_ctx, self.credentials) h.create_resource() security_groups = list(ec2.security_groups.filter(Filters=sg_filters)) sg = security_groups[0] self.assertEqual(len(security_groups), 1) self.assertEqual(sg.name, 'sg01a') # Security groups have a dedicated attribute for their name self.assertEqual(sg.name, sg.group_name) self.assertEqual(sg.vpc_id, vpc.id) self.assertCountEqual(sg.tags, tags)
def test_delete_security_group(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } sg_ctx = { 'name': 'sg01a', 'description': 'Test security group sg01a', 'vpc': 'vpc01' } filters = [{'Name': 'tag:Name', 'Values': ['sg01a']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_sg.SecurityGroupWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.SecurityGroup' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the security group h = ec2_sg.create_handler(sg_ctx, self.credentials) h.create_resource() security_groups = list(ec2.security_groups.filter(Filters=filters)) self.assertEqual(len(security_groups), 1) # We clear the resource cache to simulate a new # program execution with the 'delete' option base.BaseHandler._cache.clear() # Delete the security group h.delete_resource() security_groups = list(ec2.security_groups.filter(Filters=filters)) self.assertEqual(len(security_groups), 0)
def test_create_vpc(self): ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24', 'tags': { 'description': 'VPC vpc01 (subnet01a & subnet01b)' } } tags = [ { 'Key': 'Name', 'Value': 'vpc01' }, { 'Key': 'Description', 'Value': 'VPC vpc01 (subnet01a & subnet01b)' } ] filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_vpc.VpcWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.Vpc' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(ctx, self.credentials) h.create_resource() vpcs = list(ec2.vpcs.filter(Filters=filters)) vpc = vpcs[0] self.assertEqual(len(vpcs), 1) self.assertEqual(vpc.name, 'vpc01') self.assertEqual(vpc.cidr_block, '10.0.10.0/24') self.assertCountEqual(vpc.tags, tags)
def test_delete_route(self): igw_ctx = { 'name': 'igw01' } vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24', 'internet_gateway': 'igw01' } rt_ctx1 = { 'name': 'rt01', 'vpc': 'vpc01', 'routes': [ { 'destination': '0.0.0.0/0', 'target_name': 'igw01', 'target_type': 'internet_gateway' } ] } rt_ctx2 = { 'name': 'rt01', 'vpc': 'vpc01', 'routes': None } igw_filters = [{'Name': 'tag:Name', 'Values': ['igw01']}] rt_filters = [{'Name': 'tag:Name', 'Values': ['rt01']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_rt.RouteTableWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.RouteTable' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the internet gateway h = ec2_igw.create_handler(igw_ctx, self.credentials) h.create_resource() internet_gateways = list(ec2.internet_gateways.filter(Filters=igw_filters)) igw = internet_gateways[0] # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the route table h = ec2_rt.create_handler(rt_ctx1, self.credentials) h.create_resource() route_tables = list(ec2.route_tables.filter(Filters=rt_filters)) rt = route_tables[0] route = { 'GatewayId': igw.id, 'DestinationCidrBlock': '0.0.0.0/0', 'Origin': 'CreateRoute', 'State': 'active' } route_wrapper = ec2_rt.RouteWrapper(route) self.assertEqual(len(rt.routes), 2) # the new route + the default VPC route self.assertIn(route_wrapper, rt.custom_routes) # We clear the resource cache to simulate a new # program execution with the 'update' option base.BaseHandler._cache.clear() # Update the route table h = ec2_rt.create_handler(rt_ctx2, self.credentials) h.update_resource() route_tables = list(ec2.route_tables.filter(Filters=rt_filters)) rt = route_tables[0] self.assertEqual(len(rt.routes), 1) # the default VPC route self.assertCountEqual(rt.custom_routes, [])
def test_change_subnet_association(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } subnet_ctx = { 'name': 'subnet01a', 'cidr_block': '10.0.10.0/25', 'zone': 'us-west-2a', 'vpc': 'vpc01' } rt_ctx1 = { 'name': 'rt01', 'vpc': 'vpc01', 'subnets': [ 'subnet01a' ] } rt_ctx2 = { 'name': 'rt02', 'vpc': 'vpc01', 'subnets': [ 'subnet01a' ] } subnet_filters = [{'Name': 'tag:Name', 'Values': ['subnet01a']}] rt01_filters = [{'Name': 'tag:Name', 'Values': ['rt01']}] rt02_filters = [{'Name': 'tag:Name', 'Values': ['rt02']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_rt.RouteTableWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.RouteTable' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the subnet h = ec2_subnet.create_handler(subnet_ctx, self.credentials) h.create_resource() subnets = list(ec2.subnets.filter(Filters=subnet_filters)) subnet = subnets[0] # Create route table rt01 h = ec2_rt.create_handler(rt_ctx1, self.credentials) h.create_resource() route_tables = list(ec2.route_tables.filter(Filters=rt01_filters)) rt01 = route_tables[0] filters = [ { 'Name': 'association.subnet-id', 'Values': [subnet.id] }, { 'Name': 'association.route-table-id', 'Values': [rt01.id] } ] associations = list(rt01.associations.filter(Filters=filters)) self.assertEqual(len(associations), 1) # Create route table rt02 h = ec2_rt.create_handler(rt_ctx2, self.credentials) h.create_resource() route_tables = list(ec2.route_tables.filter(Filters=rt02_filters)) rt02 = route_tables[0] filters = [ { 'Name': 'association.subnet-id', 'Values': [subnet.id] }, { 'Name': 'association.route-table-id', 'Values': [rt02.id] } ] associations = list(rt02.associations.filter(Filters=filters)) self.assertEqual(len(associations), 1)
def test_update_vpc(self): ctx1 = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24', 'tags': { 'description': 'VPC vpc01 (subnet01a & subnet01b)', 'stack': 'Test', 'owner': 'Team A' } } ctx2 = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24', 'tags': { 'description': 'VPC vpc01 (subnet01a & subnet01b)', 'stack': 'Production' } } tags1 = [ { 'Key': 'Name', 'Value': 'vpc01' }, { 'Key': 'Description', 'Value': 'VPC vpc01 (subnet01a & subnet01b)' }, { 'Key': 'Stack', 'Value': 'Test' }, { 'Key': 'Owner', 'Value': 'Team A' } ] tags2 = [ { 'Key': 'Name', 'Value': 'vpc01' }, { 'Key': 'Description', 'Value': 'VPC vpc01 (subnet01a & subnet01b)' }, { 'Key': 'Stack', 'Value': 'Production' } ] filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_vpc.VpcWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.Vpc' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(ctx1, self.credentials) h.create_resource() vpcs = list(ec2.vpcs.filter(Filters=filters)) vpc = vpcs[0] vpc_id = vpc.id self.assertEqual(len(vpcs), 1) self.assertCountEqual(vpc.tags, tags1) # We clear the resource cache to simulate a new # program execution with the 'update' option base.BaseHandler._cache.clear() # Update the VPC h = ec2_vpc.create_handler(ctx2, self.credentials) h.update_resource() vpcs = list(ec2.vpcs.filter(Filters=filters)) vpc = vpcs[0] self.assertEqual(len(vpcs), 1) self.assertEqual(vpc.id, vpc_id) self.assertCountEqual(vpc.tags, tags2)
def test_authorize_ingress_rule(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } sg_ctx = { 'name': 'sg01a', 'description': 'Test security group sg01a', 'vpc': 'vpc01', 'ingress': [ { 'ip_protocol': 'tcp', 'from_port': 22, 'to_port': 22, 'sources': [ '192.0.2.10/32' ] } ] } ip_permission = { 'IpProtocol': 'tcp', 'FromPort': 22, 'ToPort': 22, 'IpRanges': [ { 'CidrIp': '192.0.2.10/32' } ], 'UserIdGroupPairs': [] } rule = ec2_sg.RuleWrapper(ip_permission, flow='source') filters = [{'Name': 'tag:Name', 'Values': ['sg01a']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_sg.SecurityGroupWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.SecurityGroup' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the security group h = ec2_sg.create_handler(sg_ctx, self.credentials) h.create_resource() security_groups = list(ec2.security_groups.filter(Filters=filters)) sg = security_groups[0] self.assertEqual(len(security_groups), 1) self.assertEqual(len(sg.ingress_rules), 1) self.assertIn(rule, sg.ingress_rules)
def test_update_security_group(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } sg_ctx1 = { 'name': 'sg01b', 'description': 'Test security group sg01b', 'vpc': 'vpc01', 'tags': { 'stack': 'Test', 'owner': 'Team A' } } sg_ctx2 = { 'name': 'sg01b', 'description': 'Test security group sg01b', 'vpc': 'vpc01', 'tags': { 'stack': 'Production', 'platform': 'app01' } } tags1 = [ { 'Key': 'Name', 'Value': 'sg01b' }, { 'Key': 'Stack', 'Value': 'Test' }, { 'Key': 'Owner', 'Value': 'Team A' } ] tags2 = [ { 'Key': 'Name', 'Value': 'sg01b' }, { 'Key': 'Stack', 'Value': 'Production' }, { 'Key': 'Platform', 'Value': 'app01' } ] sg_filters = [{'Name': 'tag:Name', 'Values': ['sg01b']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_sg.SecurityGroupWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.SecurityGroup' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the security group h = ec2_sg.create_handler(sg_ctx1, self.credentials) h.create_resource() security_groups = list(ec2.security_groups.filter(Filters=sg_filters)) sg = security_groups[0] sg_id = sg.id self.assertEqual(len(security_groups), 1) self.assertCountEqual(sg.tags, tags1) # We clear the resource cache to simulate a new # program execution with the 'update' option base.BaseHandler._cache.clear() # Update the security group h = ec2_sg.create_handler(sg_ctx2, self.credentials) h.update_resource() security_groups = list(ec2.security_groups.filter(Filters=sg_filters)) sg = security_groups[0] self.assertEqual(len(security_groups), 1) self.assertEqual(sg.id, sg_id) self.assertCountEqual(sg.tags, tags2)
def test_revoke_egress_rule(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } sg_ctx1 = { 'name': 'sg01a', 'description': 'Test security group sg01a', 'vpc': 'vpc01', 'egress': [ { 'ip_protocol': '-1', 'from_port': -1, 'to_port': -1, 'destinations': [ '0.0.0.0/0' ] } ] } sg_ctx2 = { 'name': 'sg01a', 'description': 'Test security group sg01a', 'vpc': 'vpc01' } ip_permission = { 'IpProtocol': '-1', 'FromPort': -1, 'ToPort': -1, 'IpRanges': [ { 'CidrIp': '0.0.0.0/0' } ], 'UserIdGroupPairs': [] } rule = ec2_sg.RuleWrapper(ip_permission, flow='destination') filters = [{'Name': 'tag:Name', 'Values': ['sg01a']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_sg.SecurityGroupWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.SecurityGroup' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the security group h = ec2_sg.create_handler(sg_ctx1, self.credentials) h.create_resource() security_groups = list(ec2.security_groups.filter(Filters=filters)) sg = security_groups[0] self.assertEqual(len(security_groups), 1) self.assertEqual(len(sg.egress_rules), 1) self.assertIn(rule, sg.egress_rules) # We clear the resource cache to simulate a new # program execution with the 'update' option base.BaseHandler._cache.clear() # Update the security group h = ec2_sg.create_handler(sg_ctx2, self.credentials) h.update_resource() security_groups = list(ec2.security_groups.filter(Filters=filters)) sg = security_groups[0] self.assertEqual(len(security_groups), 1) self.assertEqual(len(sg.egress_rules), 0)
def test_authorize_egress_rule_for_sg(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } sg_ctx1 = { 'name': 'sg01b', 'description': 'Test security group sg01b', 'vpc': 'vpc01' } sg_ctx2 = { 'name': 'sg01a', 'description': 'Test security group sg01a', 'vpc': 'vpc01', 'egress': [ { 'ip_protocol': 'tcp', 'from_port': 11211, 'to_port': 11211, 'destinations': [ 'sg01b' ] } ] } filters1 = [{'Name': 'tag:Name', 'Values': ['sg01b']}] filters2 = [{'Name': 'tag:Name', 'Values': ['sg01a']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_sg.SecurityGroupWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.SecurityGroup' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the security groups h = ec2_sg.create_handler(sg_ctx1, self.credentials) h.create_resource() h = ec2_sg.create_handler(sg_ctx2, self.credentials) h.create_resource() security_groups = list(ec2.security_groups.filter(Filters=filters1)) sg01b = security_groups[0] self.assertEqual(len(security_groups), 1) security_groups = list(ec2.security_groups.filter(Filters=filters2)) sg01a = security_groups[0] self.assertEqual(len(security_groups), 1) ip_permission = { 'IpProtocol': 'tcp', 'FromPort': 11211, 'ToPort': 11211, 'IpRanges': [], 'UserIdGroupPairs': [ { 'GroupId': sg01b.id, 'UserId': sg01b.owner_id } ] } rule = ec2_sg.RuleWrapper(ip_permission, flow='destination') self.assertEqual(len(sg01a.egress_rules), 1) self.assertIn(rule, sg01a.egress_rules)
def test_update_route_table(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } rt_ctx1 = { 'name': 'rt01', 'vpc': 'vpc01', 'tags': { 'description': 'Replace the default route table for VPC vpc01', 'stack': 'Test', 'owner': 'Team A' } } rt_ctx2 = { 'name': 'rt01', 'vpc': 'vpc01', 'tags': { 'description': 'Replace the default route table for VPC vpc01', 'stack': 'Production' } } tags1 = [ { 'Key': 'Name', 'Value': 'rt01' }, { 'Key': 'Description', 'Value': 'Replace the default route table for VPC vpc01' }, { 'Key': 'Stack', 'Value': 'Test' }, { 'Key': 'Owner', 'Value': 'Team A' } ] tags2 = [ { 'Key': 'Name', 'Value': 'rt01' }, { 'Key': 'Description', 'Value': 'Replace the default route table for VPC vpc01' }, { 'Key': 'Stack', 'Value': 'Production' } ] rt_filters = [{'Name': 'tag:Name', 'Values': ['rt01']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_rt.RouteTableWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.RouteTable' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the route table h = ec2_rt.create_handler(rt_ctx1, self.credentials) h.create_resource() route_tables = list(ec2.route_tables.filter(Filters=rt_filters)) rt = route_tables[0] rt_id = rt.id self.assertEqual(len(route_tables), 1) self.assertCountEqual(rt.tags, tags1) # Update the route table h = ec2_rt.create_handler(rt_ctx2, self.credentials) h.update_resource() route_tables = list(ec2.route_tables.filter(Filters=rt_filters)) rt = route_tables[0] self.assertEqual(len(route_tables), 1) self.assertEqual(rt.id, rt_id) self.assertCountEqual(rt.tags, tags2)
def test_update_map_public_ip_on_launch(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } subnet_ctx1 = { 'name': 'subnet01b', 'cidr_block': '10.0.10.128/25', 'zone': 'us-west-2b', 'vpc': 'vpc01' } subnet_ctx2 = { 'name': 'subnet01b', 'cidr_block': '10.0.10.128/25', 'zone': 'us-west-2b', 'vpc': 'vpc01', 'map_public_ip_on_launch': True } subnet_filters = [{'Name': 'tag:Name', 'Values': ['subnet01b']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_subnet.SubnetWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.Subnet' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the subnet h = ec2_subnet.create_handler(subnet_ctx1, self.credentials) h.create_resource() subnets = list(ec2.subnets.filter(Filters=subnet_filters)) subnet = subnets[0] subnet_id = subnet.id self.assertEqual(len(subnets), 1) self.assertEqual(subnet.name, 'subnet01b') self.assertEqual(subnet.cidr_block, '10.0.10.128/25') self.assertEqual(subnet.availability_zone, 'us-west-2b') self.assertEqual(subnet.map_public_ip_on_launch, False) # We clear the resource cache to simulate a new # program execution with the 'update' option base.BaseHandler._cache.clear() # Update the subnet h = ec2_subnet.create_handler(subnet_ctx2, self.credentials) h.update_resource() subnets = list(ec2.subnets.filter(Filters=subnet_filters)) subnet = subnets[0] self.assertEqual(len(subnets), 1) self.assertEqual(subnet.id, subnet_id) self.assertEqual(subnet.map_public_ip_on_launch, True)
def test_internet_gateway_already_attached(self): igw01_ctx = { 'name': 'igw01' } vpc01_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24', 'internet_gateway': 'igw01' } vpc02_ctx = { 'name': 'vpc02', 'cidr_block': '10.0.20.0/24', 'internet_gateway': 'igw01' } igw01_filters = [{'Name': 'tag:Name', 'Values': ['igw01']}] vpc01_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}] vpc02_filters = [{'Name': 'tag:Name', 'Values': ['vpc02']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_vpc.VpcWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.Vpc' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the internet gateway h = ec2_igw.create_handler(igw01_ctx, self.credentials) h.create_resource() gateways = list(ec2.internet_gateways.filter(Filters=igw01_filters)) igw01 = gateways[0] self.assertCountEqual(igw01.attachments, []) # Create the first VPC (vpc01) h = ec2_vpc.create_handler(vpc01_ctx, self.credentials) h.create_resource() vpcs = list(ec2.vpcs.filter(Filters=vpc01_filters)) vpc01 = vpcs[0] attachments = [{'VpcId': vpc01.id, 'State': 'available'}] # Test that the internet gateway has been attached igw01.reload() self.assertCountEqual(igw01.attachments, attachments) # Create the second VPC (vpc02) h = ec2_vpc.create_handler(vpc02_ctx, self.credentials) h.create_resource() vpcs = list(ec2.vpcs.filter(Filters=vpc02_filters)) vpc02 = vpcs[0] self.assertNotEqual(vpc01.id, vpc02.id) # Test that the internet gateway is still attached to the first VPC igw01.reload() self.assertCountEqual(igw01.attachments, attachments)
def test_update_subnet(self): vpc_ctx = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24' } subnet_ctx1 = { 'name': 'subnet01b', 'cidr_block': '10.0.10.128/25', 'zone': 'us-west-2b', 'vpc': 'vpc01', 'tags': { 'description': 'Test subnet (zone b) for VPC vpc01', 'stack': 'Test', 'owner': 'Team A' } } subnet_ctx2 = { 'name': 'subnet01b', 'cidr_block': '10.0.10.128/25', 'zone': 'us-west-2b', 'vpc': 'vpc01', 'tags': { 'description': 'Test subnet (zone b) for VPC vpc01', 'stack': 'Production' } } tags1 = [ { 'Key': 'Name', 'Value': 'subnet01b' }, { 'Key': 'Description', 'Value': 'Test subnet (zone b) for VPC vpc01' }, { 'Key': 'Stack', 'Value': 'Test' }, { 'Key': 'Owner', 'Value': 'Team A' } ] tags2 = [ { 'Key': 'Name', 'Value': 'subnet01b' }, { 'Key': 'Description', 'Value': 'Test subnet (zone b) for VPC vpc01' }, { 'Key': 'Stack', 'Value': 'Production' } ] subnet_filters = [{'Name': 'tag:Name', 'Values': ['subnet01b']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_subnet.SubnetWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.Subnet' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the VPC h = ec2_vpc.create_handler(vpc_ctx, self.credentials) h.create_resource() # Create the subnet h = ec2_subnet.create_handler(subnet_ctx1, self.credentials) h.create_resource() subnets = list(ec2.subnets.filter(Filters=subnet_filters)) subnet = subnets[0] subnet_id = subnet.id self.assertEqual(len(subnets), 1) self.assertCountEqual(subnet.tags, tags1) # We clear the resource cache to simulate a new # program execution with the 'update' option base.BaseHandler._cache.clear() # Update the subnet h = ec2_subnet.create_handler(subnet_ctx2, self.credentials) h.update_resource() subnets = list(ec2.subnets.filter(Filters=subnet_filters)) subnet = subnets[0] self.assertEqual(len(subnets), 1) self.assertEqual(subnet.id, subnet_id) self.assertCountEqual(subnet.tags, tags2)
def test_another_internet_gateway_already_attached_2(self): # Case 2: an internet gateway is attached to the VPC and there # is another internet gateway defined in the configuration. We # also leave everything unchanged. igw01_ctx = { 'name': 'igw01' } igw02_ctx = { 'name': 'igw02' } vpc01_ctx1 = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24', 'internet_gateway': 'igw01' } vpc01_ctx2 = { 'name': 'vpc01', 'cidr_block': '10.0.10.0/24', 'internet_gateway': 'igw02' } igw01_filters = [{'Name': 'tag:Name', 'Values': ['igw01']}] igw02_filters = [{'Name': 'tag:Name', 'Values': ['igw02']}] vpc01_filters = [{'Name': 'tag:Name', 'Values': ['vpc01']}] def _add_wrapper(base_classes, **kwargs): base_classes.insert(0, ec2_vpc.VpcWrapper) with mock_ec2(): event = 'creating-resource-class.ec2.Vpc' session = Session(**self.credentials) session.events.register(event, _add_wrapper) ec2 = session.resource('ec2') # Create the first internet gateway h = ec2_igw.create_handler(igw01_ctx, self.credentials) h.create_resource() gateways = list(ec2.internet_gateways.filter(Filters=igw01_filters)) igw01 = gateways[0] self.assertCountEqual(igw01.attachments, []) # Create the VPC h = ec2_vpc.create_handler(vpc01_ctx1, self.credentials) h.create_resource() vpcs = list(ec2.vpcs.filter(Filters=vpc01_filters)) vpc01 = vpcs[0] attachments = [{'VpcId': vpc01.id, 'State': 'available'}] # Test that the internet gateway has been attached igw01.reload() self.assertCountEqual(igw01.attachments, attachments) # Create the second internet gateway h = ec2_igw.create_handler(igw02_ctx, self.credentials) h.create_resource() gateways = list(ec2.internet_gateways.filter(Filters=igw02_filters)) igw02 = gateways[0] self.assertCountEqual(igw02.attachments, []) # We clear the resource cache to simulate a new # program execution with the 'update' option base.BaseHandler._cache.clear() # Update the VPC with the new context h = ec2_vpc.create_handler(vpc01_ctx2, self.credentials) h.update_resource() # Test that the first internet gateway is still attached to the VPC igw01.reload() self.assertCountEqual(igw01.attachments, attachments) # Test that the second internet gateway is not attached igw02.reload() self.assertCountEqual(igw02.attachments, [])