def test_create_stack_rolearn(
awsclient, cleanup_stack_simple_stack, temp_cloudformation_policy,
cleanup_roles):
# create a stack we use for the test lifecycle
cloudformation_simple_stack, _ = load_cloudformation_template(
here('resources/simple_cloudformation_stack/cloudformation.py')
)
# create role to use for cloudformation deployment
role = create_role_helper(
awsclient,
'unittest_%s_kumo' % utils.random_string(),
policies=[
temp_cloudformation_policy,
'arn:aws:iam::aws:policy/AmazonS3FullAccess'
],
principal_service=['cloudformation.amazonaws.com']
)
cleanup_roles.append(role['RoleName'])
config_rolearn = deepcopy(config_simple_stack)
config_rolearn['stack']['RoleARN'] = role['Arn']
exit_code = deploy_stack(awsclient, {}, config_rolearn,
cloudformation_simple_stack,
override_stack_policy=False)
assert exit_code == 0
def test_update_stack_rolearn(awsclient, simple_cloudformation_stack,
temp_cloudformation_policy, cleanup_roles):
# create a stack we use for the test lifecycle
cloudformation_simple_stack, _ = load_cloudformation_template(
here('resources/simple_cloudformation_stack/cloudformation.py')
)
# create role to use for cloudformation update
role = create_role_helper(
awsclient,
'unittest_%s_kumo' % utils.random_string(),
policies=[
temp_cloudformation_policy,
'arn:aws:iam::aws:policy/AmazonS3FullAccess'
],
principal_service=['cloudformation.amazonaws.com']
)
cleanup_roles.append(role['RoleName'])
config_rolearn = deepcopy(config_simple_stack)
config_rolearn['stack']['RoleARN'] = role['Arn']
change_set_name, stackname, change_set_type = \
create_change_set(awsclient, {}, config_rolearn,
cloudformation_simple_stack)
assert stackname == _get_stack_name(config_rolearn)
assert change_set_name != ''
assert change_set_type == 'UPDATE'
describe_change_set(awsclient, change_set_name, stackname)
# update the stack
changed = get_parameter_diff(awsclient, config_rolearn)
assert not changed
exit_code = deploy_stack(awsclient, {}, config_rolearn,
cloudformation_simple_stack,
override_stack_policy=False)
assert exit_code == 0
def test_deploy_delete_cmds(awsclient, vendored_folder, cleanup_roles,
temp_bucket):
log.info('running test_create_lambda')
temp_string = utils.random_string()
lambda_name = 'jenkins_test_' + temp_string
log.info(lambda_name)
role = create_role_helper(
awsclient,
'unittest_%s_lambda' % temp_string,
policies=[
'arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole',
'arn:aws:iam::aws:policy/AWSLambdaExecute'
])
cleanup_roles.append(role['RoleName'])
config = {
"lambda": {
"name": lambda_name,
"description": "unittest for ramuda",
"role": role['Arn'],
"handlerFunction": "handler.handle",
"handlerFile": "./resources/sample_lambda/handler.py",
"timeout": 300,
"memorySize": 256,
"events": {
"s3Sources": [{
"bucket": temp_bucket,
"type": "s3:ObjectCreated:*",
"suffix": ".gz"
}],
"timeSchedules": [{
"ruleName": "infra-dev-sample-lambda-jobr-T1",
"ruleDescription": "run every 5 min from 0-5",
"scheduleExpression": "cron(0/5 0-5 ? * * *)"
}, {
"ruleName":
"infra-dev-sample-lambda-jobr-T2",
"ruleDescription":
"run every 5 min from 8-23:59",
"scheduleExpression":
"cron(0/5 8-23:59 ? * * *)"
}]
},
"vpc": {
"subnetIds": [
"subnet-d5ffb0b1", "subnet-d5ffb0b1", "subnet-d5ffb0b1",
"subnet-e9db9f9f"
],
"securityGroups": ["sg-660dd700"]
}
},
"bundling": {
"zip":
"bundle.zip",
"folders": [{
"source": "./vendored",
"target": "."
}, {
"source": "./impl",
"target": "impl"
}]
},
"deployment": {
"region": "eu-west-1"
}
}
tooldata = get_tooldata(awsclient, 'ramuda', 'deploy', config=config)
tooldata['context']['_arguments'] = {'--keep': False}
bundle((tooldata['context'], {'ramuda': tooldata['config']}))
deploy_cmd(False, **tooldata)
# now we use the delete cmd to remove the lambda function
tooldata['context']['command'] = 'delete'
delete_cmd(True, lambda_name, True, **tooldata)
def test_create_lambda(awsclient, vendored_folder, cleanup_lambdas,
cleanup_roles):
log.info('running test_create_lambda')
temp_string = helpers.random_string()
lambda_name = 'jenkins_test_' + temp_string
log.info(lambda_name)
role = create_role_helper(
awsclient,
'unittest_%s_lambda' % temp_string,
policies=[
'arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole',
'arn:aws:iam::aws:policy/AWSLambdaExecute'
])
cleanup_roles.append(role['RoleName'])
config = {
"lambda": {
"name": "dp-dev-sample-lambda-jobr1",
"description": "lambda test for ramuda",
"role": "'unused'",
"handlerFunction": "handler.handle",
"handlerFile": "./resources/sample_lambda/handler.py",
"timeout": 300,
"memorySize": 256,
"events": {
"s3Sources": [{
"bucket": "jobr-test",
"type": "s3:ObjectCreated:*",
"suffix": ".gz"
}],
"timeSchedules": [{
"ruleName": "infra-dev-sample-lambda-jobr-T1",
"ruleDescription": "run every 5 min from 0-5",
"scheduleExpression": "cron(0/5 0-5 ? * * *)"
}, {
"ruleName":
"infra-dev-sample-lambda-jobr-T2",
"ruleDescription":
"run every 5 min from 8-23:59",
"scheduleExpression":
"cron(0/5 8-23:59 ? * * *)"
}]
},
"vpc": {
"subnetIds": [
"subnet-d5ffb0b1", "subnet-d5ffb0b1", "subnet-d5ffb0b1",
"subnet-e9db9f9f"
],
"securityGroups": ["sg-660dd700"]
}
},
"bundling": {
"zip":
"bundle.zip",
"folders": [{
"source": "./vendored",
"target": "."
}, {
"source": "./impl",
"target": "impl"
}]
},
"deployment": {
"region": "eu-west-1"
}
}
lambda_description = config['lambda'].get('description')
# print (role)
role_arn = role['Arn']
lambda_handler = config['lambda'].get('handlerFunction')
handler_filename = config['lambda'].get('handlerFile')
timeout = int(config['lambda'].get('timeout'))
memory_size = int(config['lambda'].get('memorySize'))
zip_name = config['bundling'].get('zip')
folders_from_file = config['bundling'].get('folders')
subnet_ids = config['lambda'].get('vpc', {}).get('subnetIds', None)
security_groups = config['lambda'].get('vpc',
{}).get('securityGroups', None)
region = config['deployment'].get('region')
artifact_bucket = config['deployment'].get('artifactBucket', None)
zipfile = _get_zipped_file(
handler_filename,
folders_from_file,
)
deploy_lambda(awsclient=awsclient,
function_name=lambda_name,
role=role_arn,
handler_filename=handler_filename,
handler_function=lambda_handler,
folders=folders_from_file,
description=lambda_description,
timeout=timeout,
memory=memory_size,
artifact_bucket=artifact_bucket,
zipfile=zipfile)
# TODO improve this (by using a waiter??)
cleanup_lambdas.append(lambda_name)
def test_create_update_stack_artifactbucket(awsclient, temp_cloudformation_policy,
cleanup_roles, cleanup_buckets):
# create a stack we use for the test lifecycle
cloudformation_simple_stack, _ = load_cloudformation_template(
here('resources/simple_cloudformation_stack/cloudformation.py')
)
upload_conf = {
'stack': {
'StackName': "infra-dev-kumo-sample-stack",
'artifactBucket': "unittest-kumo-artifact-bucket"
},
'parameters': {
'InstanceType': "t2.micro",
}
}
region = awsclient.get_client('s3').meta.region_name
account = os.getenv('ACCOUNT', None)
# add account prefix to artifact bucket config
if account:
upload_conf['stack']['artifactBucket'] = \
'%s-unittest-kumo-artifact-bucket' % account
artifact_bucket = _get_artifact_bucket(upload_conf)
prepare_artifacts_bucket(awsclient, artifact_bucket)
cleanup_buckets.append(artifact_bucket)
dest_key = 'kumo/%s/%s-cloudformation.json' % (region,
_get_stack_name(upload_conf))
expected_s3url = 'https://s3-%s.amazonaws.com/%s/%s' % (region,
artifact_bucket,
dest_key)
actual_s3url = _s3_upload(awsclient, upload_conf,
generate_template({}, upload_conf, cloudformation_simple_stack))
assert expected_s3url == actual_s3url
# create role to use for cloudformation update
role = create_role_helper(
awsclient,
'unittest_%s_kumo' % utils.random_string(),
policies=[
temp_cloudformation_policy,
'arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess',
'arn:aws:iam::aws:policy/AmazonS3FullAccess'
],
principal_service=['cloudformation.amazonaws.com']
)
cleanup_roles.append(role['RoleName'])
# create
exit_code = deploy_stack(awsclient, {}, upload_conf,
cloudformation_simple_stack,
override_stack_policy=False)
assert exit_code == 0
stack_id = get_stack_id(awsclient, upload_conf['stack']['StackName'])
wait_for_stack_create_complete(awsclient, stack_id)
# update (as a change we add the RoleARN)
upload_conf['stack']['RoleARN'] = role['Arn']
# update the stack
changed = get_parameter_diff(awsclient, upload_conf)
assert not changed
exit_code = deploy_stack(awsclient, {}, upload_conf,
cloudformation_simple_stack,
override_stack_policy=False)
assert exit_code == 0
wait_for_stack_update_complete(awsclient, stack_id)
# cleanup
exit_code = delete_stack(awsclient, upload_conf)
assert exit_code == 0
wait_for_stack_delete_complete(awsclient, stack_id)
