def test_variable_has_default_value(self): validator = t.Validator( os.path.join(self.path, "fixtures/default_variable")) expected_error = self.error_list_format( "Variable 'bar' should have a default value") with self.assertRaisesRegexp(AssertionError, expected_error): validator.variable('bar').default_value_exists()
def test_variable_default_value_matches_regex(self): validator = t.Validator( os.path.join(self.path, "fixtures/default_variable")) expected_error = self.error_list_format( "Variable 'bizz' should have a default value that matches regex '^123'. Is: abc" ) with self.assertRaisesRegexp(AssertionError, expected_error): validator.variable('bizz').default_value_matches_regex('^123')
def test_resource_property_invalid_json(self): validator = t.Validator( os.path.join(self.path, "fixtures/invalid_json")) expected_error = self.error_list_format( "[aws_s3_bucket.invalidjson.policy] is not valid json") with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_s3_bucket').property( 'policy').should_contain_valid_json()
def test_parsing_variable_with_unimplemented_interpolation_function(self): validator = t.Validator( os.path.join(self.path, "fixtures/unimplemented_interpolation")) validator.enable_variable_expansion() self.assertRaises( t.TerraformUnimplementedInterpolationException, validator.resources('aws_instance').property('value').should_equal, 'abc')
def test_lowercase_formatting_in_variable_substitution(self): validator = t.Validator( os.path.join(self.path, "fixtures/lower_format_variable")) validator.enable_variable_expansion() validator.resources('aws_instance').property('value').should_equal( 'abc') validator.resources('aws_instance2').property('value').should_equal( 'abcDEF')
def test_boolean_equal(self): validator = t.Validator( os.path.join(self.path, "fixtures/boolean_compare")) values = [True, "true", "True"] for i in range(1, 5): for value in values: validator.resources("aws_db_instance").property( "storage_encrypted{0}".format(i)).should_equal(value)
def test_property_list_scenario(self): validator = t.Validator( os.path.join(self.path, "fixtures/list_property")) validator.error_if_property_missing() validator.resources("aws_autoscaling_group").property("tag").property( 'propagate_at_launch').should_equal("True") validator.resources("aws_autoscaling_group").property("tag").property( 'propagate_at_launch').should_equal(True)
def test_nested_resource(self): validator = t.Validator( os.path.join(self.path, "fixtures/nested_resource")) validator.resources('aws_instance').property( 'nested_resource').property('value').should_equal(1) expected_error = self.error_list_format( "[aws_instance.foo.nested_resource.value] should be '2'. Is: '1'") with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').property( 'nested_resource').property('value').should_equal(2)
def test_multiple_variable_substitutions(self): validator = t.Validator( os.path.join(self.path, "fixtures/multiple_variables")) validator.enable_variable_expansion() validator.resources('aws_instance').property('value').should_equal(12) expected_error = self.error_list_format( "[aws_instance.foo.value] should be '21'. Is: '12'") with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').property('value').should_equal( 21)
def test_searching_for_property_value_using_regex(self): validator = t.Validator( os.path.join(self.path, "fixtures/regex_variables")) validator.resources('aws_instance').find_property( '^CPM_Service_[A-Za-z]+$').should_equal(1) expected_error = self.error_list_format( "[aws_instance.foo.CPM_Service_wibble] should be '2'. Is: '1'") with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').find_property( '^CPM_Service_[A-Za-z]+$').should_equal(2)
def test_searching_for_property_on_nonexistant_nested_resource(self): validator = t.Validator(os.path.join(self.path, "fixtures/resource")) validator.error_if_property_missing() expected_error = self.error_list_format([ "[aws_instance.bar] should have property: 'tags'", "[aws_instance.foo] should have property: 'tags'" ]) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').property('tags').property( 'tagname').should_equal(1)
def test_missing_variable_substitution(self): validator = t.Validator( os.path.join(self.path, "fixtures/missing_variable")) validator.enable_variable_expansion() expected_error = self.error_list_format( "There is no Terraform variable 'missing'") with self.assertRaisesRegexp(t.TerraformVariableException, expected_error): validator.resources('aws_instance').property('value').should_equal( 1)
def test_resource_property_value_matches_regex(self): validator = t.Validator(os.path.join(self.path, "fixtures/resource")) validator.resources('aws_instance').property( 'value').should_match_regex('[0-9]') expected_error = self.error_list_format([ "[aws_instance.bar.value] should match regex '[a-z]'", "[aws_instance.foo.value] should match regex '[a-z]'" ]) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').property( 'value').should_match_regex('[a-z]')
def test_variable_expansion(self): validator = t.Validator( os.path.join(self.path, "fixtures/variable_expansion")) validator.resources('aws_instance').property('value').should_equal( '${var.bar}') expected_error = self.error_list_format( "[aws_instance.foo.value] should be '${bar.var}'. Is: '${var.bar}'" ) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').property('value').should_equal( '${bar.var}')
def test_resource_name_matches_regex(self): validator = t.Validator( os.path.join(self.path, "fixtures/resource_name")) validator.resources('aws_foo').name_should_match_regex('^[a-z0-9_]*$') expected_error = self.error_list_format( "[aws_instance.TEST_RESOURCE] name should match regex '^[a-z0-9_]*$'" ) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').name_should_match_regex( '^[a-z0-9_]*$')
def test_resource_not_equals(self): validator = t.Validator(os.path.join(self.path, "fixtures/resource")) validator.resources('aws_instance').property('value').should_not_equal( 0) expected_error = self.error_list_format([ "[aws_instance.bar.value] should not be '1'. Is: '1'", "[aws_instance.foo.value] should not be '1'. Is: '1'" ]) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').property( 'value').should_not_equal(1)
def test_with_nested_property(self): validator = t.Validator( os.path.join(self.path, "fixtures/with_property")) expected_error = self.error_list_format( "[aws_s3_bucket.tagged_bucket.policy] is not valid json") tagged_buckets = validator.resources("aws_s3_bucket").with_property( "tags", ".*'CustomTag':.*'CustomValue'.*") with self.assertRaisesRegexp(AssertionError, expected_error): tagged_buckets.property("policy").should_contain_valid_json()
def test_with_property(self): validator = t.Validator( os.path.join(self.path, "fixtures/with_property")) expected_error = self.error_list_format( "[aws_s3_bucket.private_bucket.policy] is not valid json") private_buckets = validator.resources("aws_s3_bucket").with_property( "acl", "private") with self.assertRaisesRegexp(AssertionError, expected_error): private_buckets.property("policy").should_contain_valid_json()
def test_list_should_contain(self): validator = t.Validator( os.path.join(self.path, "fixtures/list_variable")) validator.resources("datadog_monitor").property( "tags").list_should_contain(['baz:biz']) expected_error = self.error_list_format([ "[datadog_monitor.bar.tags] '['baz:biz', 'foo:bar']' should contain '['too:biz']'.", "[datadog_monitor.foo.tags] '['baz:biz']' should contain '['too:biz']'." ]) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources("datadog_monitor").property( "tags").list_should_contain('too:biz')
def test_resource_type_list(self): validator = t.Validator(os.path.join(self.path, "fixtures/resource")) validator.resources(['aws_instance', 'aws_elb']).property('value').should_equal(1) expected_error = self.error_list_format([ "[aws_elb.buzz.value] should be '2'. Is: '1'", "[aws_instance.bar.value] should be '2'. Is: '1'", "[aws_instance.foo.value] should be '2'. Is: '1'" ]) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources(['aws_instance', 'aws_elb']).property('value').should_equal(2)
def test_resource_excluded_properties_with_string_input(self): excluded_property = 'value' non_excluded_property = 'value3' validator = t.Validator(os.path.join(self.path, "fixtures/resource")) validator.resources('aws_instance').should_not_have_properties( non_excluded_property) expected_error = self.error_list_format([ "[aws_instance.bar] should not have property: 'value'", "[aws_instance.foo] should not have property: 'value'" ]) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').should_not_have_properties( excluded_property)
def test_nested_resource_required_properties_with_string_input(self): required_property = 'value' validator = t.Validator( os.path.join(self.path, "fixtures/nested_resource")) validator.resources('aws_instance').property( 'nested_resource').should_have_properties(required_property) required_property = 'def456' expected_error = self.error_list_format([ "[aws_instance.foo.nested_resource] should have property: 'def456'" ]) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').property( 'nested_resource').should_have_properties(required_property)
def test_resource_required_properties_with_list_input(self): required_properties = ['value', 'value2'] validator = t.Validator(os.path.join(self.path, "fixtures/resource")) validator.resources('aws_instance').should_have_properties( required_properties) required_properties = ['value', 'value2', 'abc123', 'def456'] expected_error = self.error_list_format([ "[aws_instance.bar] should have property: 'abc123'", "[aws_instance.bar] should have property: 'def456'", "[aws_instance.foo] should have property: 'abc123'", "[aws_instance.foo] should have property: 'def456'" ]) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').should_have_properties( required_properties)
def test_nested_resource_excluded_properties_with_list_input(self): excluded_properties = ['value', 'value2'] non_excluded_properties = ['value3', 'value4'] validator = t.Validator( os.path.join(self.path, "fixtures/nested_resource")) validator.resources('aws_instance').property( 'nested_resource').should_not_have_properties( non_excluded_properties) expected_error = self.error_list_format([ "[aws_instance.foo.nested_resource] should not have property: 'value'", "[aws_instance.foo.nested_resource] should not have property: 'value2'" ]) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources('aws_instance').property( 'nested_resource').should_not_have_properties( excluded_properties)
def test_encryption_scenario(self): validator = t.Validator( os.path.join(self.path, "fixtures/enforce_encrypted")) validator.error_if_property_missing() validator.resources("aws_db_instance_valid").property( "storage_encrypted").should_equal("True") validator.resources("aws_db_instance_valid").property( "storage_encrypted").should_equal(True) validator.resources("aws_db_instance_invalid").should_have_properties( "storage_encrypted") expected_error = self.error_list_format( "[aws_db_instance_invalid.foo2.storage_encrypted] should be 'True'. Is: 'False'" ) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources("aws_db_instance_invalid").property( "storage_encrypted").should_equal("True") expected_error = self.error_list_format( "[aws_db_instance_invalid2.foo3] should have property: 'storage_encrypted'" ) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources("aws_db_instance_invalid2").property( "storage_encrypted") validator.resources("aws_instance_valid").property( 'ebs_block_device').property("encrypted").should_equal("True") validator.resources("aws_instance_valid").property( 'ebs_block_device').property("encrypted").should_equal(True) expected_error = self.error_list_format( "[aws_instance_invalid.bizz2] should have property: 'encrypted'") with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources("aws_instance_invalid").should_have_properties( "encrypted") expected_error = self.error_list_format( "[aws_instance_invalid.bizz2.ebs_block_device.encrypted] should be 'True'. Is: 'False'" ) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources("aws_instance_invalid").property( 'ebs_block_device').property("encrypted").should_equal("True") expected_error = self.error_list_format( "[aws_instance_invalid2.bizz3] should have property: 'storage_encrypted'" ) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources("aws_instance_invalid2" ).should_have_properties("storage_encrypted") expected_error = self.error_list_format( "[aws_instance_invalid2.bizz3.ebs_block_device] should have property: 'encrypted'" ) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources("aws_instance_invalid2").property( 'ebs_block_device').property("encrypted") validator.resources("aws_ebs_volume_valid").property( "encrypted").should_equal("True") validator.resources("aws_ebs_volume_valid").property( "encrypted").should_equal(True) validator.resources("aws_ebs_volume_invalid").should_have_properties( "encrypted") expected_error = self.error_list_format( "[aws_ebs_volume_invalid.bar2.encrypted] should be 'True'. Is: 'False'" ) with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources("aws_ebs_volume_invalid").property( "encrypted").should_equal("True") expected_error = self.error_list_format( "[aws_ebs_volume_invalid2.bar3] should have property: 'encrypted'") with self.assertRaisesRegexp(AssertionError, expected_error): validator.resources( "aws_ebs_volume_invalid2").should_have_properties("encrypted") validator.resources("aws_ebs_volume_invalid2").property( "encrypted")
def test_properties_on_nonexistant_resource_type(self): required_properties = ['value', 'value2'] validator = t.Validator( os.path.join(self.path, "fixtures/missing_variable")) validator.resources('aws_rds_instance').property( 'nested_resource').should_have_properties(required_properties)
def test_no_exceptions_raised_when_no_resources_present(self): validator = t.Validator( os.path.join(self.path, "fixtures/no_resources")) validator.resources('aws_instance').property('value').should_equal(1)
def test_can_find_multiple_variables_in_complex_string(self): v = t.Validator() a = v.list_terraform_variables_in_string("a${var.abc}b${var.def}c") self.assertEqual(a, ["var.abc", "var.def"])
def test_resource_required_properties_with_string_input(self): required_property = 'value' validator = t.Validator(os.path.join(self.path, "fixtures/resource")) validator.resources('aws_instance').should_have_properties( required_property)
def test_can_find_one_variable_in_string(self): v = t.Validator() a = v.list_terraform_variables_in_string("${var.abc}") self.assertEqual(a, ["var.abc"])