668 lines
24 KiB
Python
668 lines
24 KiB
Python
from botocore.exceptions import ClientError
|
|
from moto import mock_cloudformation_deprecated, mock_ec2_deprecated
|
|
from moto import mock_cloudformation, mock_ec2
|
|
from tests import EXAMPLE_AMI_ID
|
|
from tests.test_cloudformation.fixtures import ec2_classic_eip
|
|
from tests.test_cloudformation.fixtures import single_instance_with_ebs_volume
|
|
from tests.test_cloudformation.fixtures import vpc_eip
|
|
from tests.test_cloudformation.fixtures import vpc_eni
|
|
from tests.test_cloudformation.fixtures import vpc_single_instance_in_subnet
|
|
from uuid import uuid4
|
|
import boto
|
|
import boto.ec2
|
|
import boto.cloudformation
|
|
import boto.vpc
|
|
import boto3
|
|
import json
|
|
import pytest
|
|
import sure # noqa
|
|
|
|
|
|
template_vpc = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Description": "Create VPC",
|
|
"Resources": {
|
|
"VPC": {"Properties": {"CidrBlock": "192.168.0.0/16"}, "Type": "AWS::EC2::VPC"}
|
|
},
|
|
}
|
|
|
|
|
|
@mock_ec2
|
|
@mock_cloudformation
|
|
def test_vpc_single_instance_in_subnet():
|
|
template_json = json.dumps(vpc_single_instance_in_subnet.template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(
|
|
StackName=stack_name,
|
|
TemplateBody=template_json,
|
|
Parameters=[{"ParameterKey": "KeyName", "ParameterValue": "my_key"}],
|
|
)
|
|
|
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
|
|
|
stack = cf.describe_stacks(StackName=stack_name)["Stacks"][0]
|
|
|
|
resources = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"]
|
|
vpc_id = [
|
|
resource
|
|
for resource in resources
|
|
if resource["ResourceType"] == "AWS::EC2::VPC"
|
|
][0]["PhysicalResourceId"]
|
|
|
|
vpc = ec2.describe_vpcs(VpcIds=[vpc_id])["Vpcs"][0]
|
|
vpc["CidrBlock"].should.equal("10.0.0.0/16")
|
|
vpc["Tags"].should.contain({"Key": "Application", "Value": stack["StackId"]})
|
|
|
|
security_group = ec2.describe_security_groups(
|
|
Filters=[{"Name": "vpc-id", "Values": [vpc["VpcId"]]}]
|
|
)["SecurityGroups"][0]
|
|
security_group["VpcId"].should.equal(vpc["VpcId"])
|
|
|
|
subnet_id = [
|
|
resource
|
|
for resource in resources
|
|
if resource["ResourceType"] == "AWS::EC2::Subnet"
|
|
][0]["PhysicalResourceId"]
|
|
|
|
subnet = ec2.describe_subnets(SubnetIds=[subnet_id])["Subnets"][0]
|
|
subnet["VpcId"].should.equal(vpc["VpcId"])
|
|
|
|
instance_id = [
|
|
resource
|
|
for resource in resources
|
|
if resource["ResourceType"] == "AWS::EC2::Instance"
|
|
][0]["PhysicalResourceId"]
|
|
res = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]
|
|
instance = res["Instances"][0]
|
|
instance["Tags"].should.contain({"Key": "Foo", "Value": "Bar"})
|
|
|
|
eip_id = [
|
|
resource
|
|
for resource in resources
|
|
if resource["ResourceType"] == "AWS::EC2::EIP"
|
|
][0]["PhysicalResourceId"]
|
|
eip = ec2.describe_addresses(PublicIps=[eip_id])["Addresses"][0]
|
|
eip["Domain"].should.equal("vpc")
|
|
eip["InstanceId"].should.equal(instance["InstanceId"])
|
|
|
|
|
|
@mock_cloudformation
|
|
@mock_ec2
|
|
def test_delete_stack_with_resource_missing_delete_attr():
|
|
cf = boto3.client("cloudformation", region_name="us-east-1")
|
|
ec2 = boto3.client("ec2", region_name="us-east-1")
|
|
name = str(uuid4())[0:6]
|
|
|
|
cf.create_stack(StackName=name, TemplateBody=json.dumps(template_vpc))
|
|
cf.describe_stacks(StackName=name)["Stacks"].should.have.length_of(1)
|
|
|
|
resources = cf.list_stack_resources(StackName=name)["StackResourceSummaries"]
|
|
vpc_id = resources[0]["PhysicalResourceId"]
|
|
|
|
cf.delete_stack(
|
|
StackName=name
|
|
) # should succeed, despite the fact that the resource itself cannot be deleted
|
|
with pytest.raises(ClientError) as exc:
|
|
cf.describe_stacks(StackName=name)
|
|
err = exc.value.response["Error"]
|
|
err.should.have.key("Code").equals("ValidationError")
|
|
err.should.have.key("Message").equals(f"Stack with id {name} does not exist")
|
|
|
|
# We still have our VPC, as the VPC-object does not have a delete-method yet
|
|
ec2.describe_vpcs(VpcIds=[vpc_id])["Vpcs"].should.have.length_of(1)
|
|
|
|
|
|
# Has boto3 equivalent
|
|
@mock_ec2_deprecated
|
|
@mock_cloudformation_deprecated
|
|
def test_elastic_network_interfaces_cloudformation():
|
|
template = vpc_eni.template
|
|
template_json = json.dumps(template)
|
|
conn = boto.cloudformation.connect_to_region("us-west-1")
|
|
conn.create_stack("test_stack", template_body=template_json)
|
|
ec2_conn = boto.ec2.connect_to_region("us-west-1")
|
|
eni = ec2_conn.get_all_network_interfaces()[0]
|
|
eni.private_ip_addresses.should.have.length_of(1)
|
|
|
|
stack = conn.describe_stacks()[0]
|
|
resources = stack.describe_resources()
|
|
cfn_eni = [
|
|
resource
|
|
for resource in resources
|
|
if resource.resource_type == "AWS::EC2::NetworkInterface"
|
|
][0]
|
|
cfn_eni.physical_resource_id.should.equal(eni.id)
|
|
|
|
outputs = {output.key: output.value for output in stack.outputs}
|
|
outputs["ENIIpAddress"].should.equal(eni.private_ip_addresses[0].private_ip_address)
|
|
|
|
|
|
@mock_ec2
|
|
@mock_cloudformation
|
|
def test_elastic_network_interfaces_cloudformation_boto3():
|
|
template = vpc_eni.template
|
|
template_json = json.dumps(template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(StackName=stack_name, TemplateBody=template_json)
|
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
|
all_enis = ec2.describe_network_interfaces()["NetworkInterfaces"]
|
|
all_eni_ids = [eni["NetworkInterfaceId"] for eni in all_enis]
|
|
all_ips = [eni["PrivateIpAddresses"][0]["PrivateIpAddress"] for eni in all_enis]
|
|
|
|
resources = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"]
|
|
cfn_eni = [
|
|
resource
|
|
for resource in resources
|
|
if resource["ResourceType"] == "AWS::EC2::NetworkInterface"
|
|
][0]
|
|
all_eni_ids.should.contain(cfn_eni["PhysicalResourceId"])
|
|
|
|
outputs = cf.describe_stacks(StackName=stack_name)["Stacks"][0]["Outputs"]
|
|
received_ip = [
|
|
o["OutputValue"] for o in outputs if o["OutputKey"] == "ENIIpAddress"
|
|
][0]
|
|
all_ips.should.contain(received_ip)
|
|
|
|
|
|
@mock_ec2
|
|
@mock_cloudformation
|
|
def test_volume_size_through_cloudformation():
|
|
ec2 = boto3.client("ec2", region_name="us-east-1")
|
|
cf = boto3.client("cloudformation", region_name="us-east-1")
|
|
|
|
tag_value = str(uuid4())
|
|
volume_template = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"testInstance": {
|
|
"Type": "AWS::EC2::Instance",
|
|
"Properties": {
|
|
"ImageId": EXAMPLE_AMI_ID,
|
|
"KeyName": "dummy",
|
|
"InstanceType": "t2.micro",
|
|
"BlockDeviceMappings": [
|
|
{"DeviceName": "/dev/sda2", "Ebs": {"VolumeSize": "50"}}
|
|
],
|
|
"Tags": [
|
|
{"Key": "foo", "Value": "bar"},
|
|
{"Key": "blah", "Value": tag_value},
|
|
],
|
|
},
|
|
}
|
|
},
|
|
}
|
|
template_json = json.dumps(volume_template)
|
|
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(StackName=stack_name, TemplateBody=template_json)
|
|
|
|
resource = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"][
|
|
0
|
|
]
|
|
resource.should.have.key("LogicalResourceId").being.equal("testInstance")
|
|
resource.should.have.key("PhysicalResourceId").shouldnt.be.none
|
|
resource.should.have.key("ResourceType").being.equal("AWS::EC2::Instance")
|
|
|
|
instances = ec2.describe_instances(InstanceIds=[resource["PhysicalResourceId"]])
|
|
|
|
volume = instances["Reservations"][0]["Instances"][0]["BlockDeviceMappings"][0][
|
|
"Ebs"
|
|
]
|
|
|
|
volumes = ec2.describe_volumes(VolumeIds=[volume["VolumeId"]])
|
|
volumes["Volumes"][0]["Size"].should.equal(50)
|
|
|
|
|
|
# Has boto3 equivalent
|
|
@mock_ec2_deprecated
|
|
@mock_cloudformation_deprecated
|
|
def test_subnet_tags_through_cloudformation():
|
|
vpc_conn = boto.vpc.connect_to_region("us-west-1")
|
|
vpc = vpc_conn.create_vpc("10.0.0.0/16")
|
|
|
|
subnet_template = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"testSubnet": {
|
|
"Type": "AWS::EC2::Subnet",
|
|
"Properties": {
|
|
"VpcId": vpc.id,
|
|
"CidrBlock": "10.0.0.0/24",
|
|
"AvailabilityZone": "us-west-1b",
|
|
"Tags": [
|
|
{"Key": "foo", "Value": "bar"},
|
|
{"Key": "blah", "Value": "baz"},
|
|
],
|
|
},
|
|
}
|
|
},
|
|
}
|
|
cf_conn = boto.cloudformation.connect_to_region("us-west-1")
|
|
template_json = json.dumps(subnet_template)
|
|
cf_conn.create_stack("test_stack", template_body=template_json)
|
|
|
|
subnet = vpc_conn.get_all_subnets(filters={"cidrBlock": "10.0.0.0/24"})[0]
|
|
subnet.tags["foo"].should.equal("bar")
|
|
subnet.tags["blah"].should.equal("baz")
|
|
|
|
|
|
@mock_ec2
|
|
@mock_cloudformation
|
|
def test_subnet_tags_through_cloudformation_boto3():
|
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
|
ec2_res = boto3.resource("ec2", region_name="us-west-1")
|
|
vpc = ec2_res.create_vpc(CidrBlock="10.0.0.0/16")
|
|
|
|
subnet_template = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"testSubnet": {
|
|
"Type": "AWS::EC2::Subnet",
|
|
"Properties": {
|
|
"VpcId": vpc.id,
|
|
"CidrBlock": "10.0.0.0/24",
|
|
"AvailabilityZone": "us-west-1b",
|
|
"Tags": [
|
|
{"Key": "foo", "Value": "bar"},
|
|
{"Key": "blah", "Value": "baz"},
|
|
],
|
|
},
|
|
}
|
|
},
|
|
}
|
|
template_json = json.dumps(subnet_template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(StackName=stack_name, TemplateBody=template_json)
|
|
resources = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"]
|
|
subnet_id = resources[0]["PhysicalResourceId"]
|
|
|
|
subnet = ec2.describe_subnets(SubnetIds=[subnet_id])["Subnets"][0]
|
|
subnet["CidrBlock"].should.equal("10.0.0.0/24")
|
|
subnet["Tags"].should.contain({"Key": "foo", "Value": "bar"})
|
|
subnet["Tags"].should.contain({"Key": "blah", "Value": "baz"})
|
|
|
|
|
|
@mock_ec2
|
|
@mock_cloudformation
|
|
def test_single_instance_with_ebs_volume():
|
|
template_json = json.dumps(single_instance_with_ebs_volume.template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(
|
|
StackName=stack_name,
|
|
TemplateBody=template_json,
|
|
Parameters=[{"ParameterKey": "KeyName", "ParameterValue": "key_name"}],
|
|
)
|
|
resources = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"]
|
|
instance_id = [
|
|
r["PhysicalResourceId"]
|
|
for r in resources
|
|
if r["ResourceType"] == "AWS::EC2::Instance"
|
|
][0]
|
|
volume_id = [
|
|
r["PhysicalResourceId"]
|
|
for r in resources
|
|
if r["ResourceType"] == "AWS::EC2::Volume"
|
|
][0]
|
|
|
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
|
ec2_instance = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0][
|
|
"Instances"
|
|
][0]
|
|
|
|
volumes = ec2.describe_volumes(VolumeIds=[volume_id])["Volumes"]
|
|
# Grab the mounted drive
|
|
volume = [
|
|
volume for volume in volumes if volume["Attachments"][0]["Device"] == "/dev/sdh"
|
|
][0]
|
|
volume["State"].should.equal("in-use")
|
|
volume["Attachments"][0]["InstanceId"].should.equal(ec2_instance["InstanceId"])
|
|
|
|
|
|
@mock_ec2
|
|
@mock_cloudformation
|
|
def test_classic_eip():
|
|
template_json = json.dumps(ec2_classic_eip.template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(StackName=stack_name, TemplateBody=template_json)
|
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
|
all_ips = [eip["PublicIp"] for eip in ec2.describe_addresses()["Addresses"]]
|
|
|
|
resources = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"]
|
|
cfn_eip = [
|
|
resource
|
|
for resource in resources
|
|
if resource["ResourceType"] == "AWS::EC2::EIP"
|
|
][0]
|
|
all_ips.should.contain(cfn_eip["PhysicalResourceId"])
|
|
|
|
|
|
@mock_ec2
|
|
@mock_cloudformation
|
|
def test_vpc_eip():
|
|
template_json = json.dumps(vpc_eip.template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(StackName=stack_name, TemplateBody=template_json)
|
|
|
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
|
all_ips = [eip["PublicIp"] for eip in ec2.describe_addresses()["Addresses"]]
|
|
|
|
resources = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"]
|
|
cfn_eip = [
|
|
resource
|
|
for resource in resources
|
|
if resource["ResourceType"] == "AWS::EC2::EIP"
|
|
][0]
|
|
all_ips.should.contain(cfn_eip["PhysicalResourceId"])
|
|
|
|
|
|
@mock_cloudformation
|
|
@mock_ec2
|
|
def test_vpc_gateway_attachment_creation_should_attach_itself_to_vpc():
|
|
template = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"internetgateway": {"Type": "AWS::EC2::InternetGateway"},
|
|
"testvpc": {
|
|
"Type": "AWS::EC2::VPC",
|
|
"Properties": {
|
|
"CidrBlock": "10.0.0.0/16",
|
|
"EnableDnsHostnames": "true",
|
|
"EnableDnsSupport": "true",
|
|
"InstanceTenancy": "default",
|
|
},
|
|
},
|
|
"vpcgatewayattachment": {
|
|
"Type": "AWS::EC2::VPCGatewayAttachment",
|
|
"Properties": {
|
|
"InternetGatewayId": {"Ref": "internetgateway"},
|
|
"VpcId": {"Ref": "testvpc"},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
template_json = json.dumps(template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(StackName=stack_name, TemplateBody=template_json)
|
|
|
|
resources = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"]
|
|
vpc_id = resources[1]["PhysicalResourceId"]
|
|
|
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
|
vpc = ec2.describe_vpcs(VpcIds=[vpc_id])["Vpcs"][0]
|
|
vpc["CidrBlock"].should.equal("10.0.0.0/16")
|
|
|
|
igws = ec2.describe_internet_gateways(
|
|
Filters=[{"Name": "attachment.vpc-id", "Values": [vpc["VpcId"]]}]
|
|
)["InternetGateways"]
|
|
igws.should.have.length_of(1)
|
|
|
|
|
|
@mock_cloudformation
|
|
@mock_ec2
|
|
def test_vpc_peering_creation():
|
|
ec2 = boto3.resource("ec2", region_name="us-west-1")
|
|
ec2_client = boto3.client("ec2", region_name="us-west-1")
|
|
vpc_source = ec2.create_vpc(CidrBlock="10.0.0.0/16")
|
|
peer_vpc = ec2.create_vpc(CidrBlock="10.1.0.0/16")
|
|
template = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"vpcpeeringconnection": {
|
|
"Type": "AWS::EC2::VPCPeeringConnection",
|
|
"Properties": {"PeerVpcId": peer_vpc.id, "VpcId": vpc_source.id},
|
|
}
|
|
},
|
|
}
|
|
|
|
template_json = json.dumps(template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(StackName=stack_name, TemplateBody=template_json)
|
|
resources = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"]
|
|
our_vpx_id = resources[0]["PhysicalResourceId"]
|
|
|
|
peering_connections = ec2_client.describe_vpc_peering_connections(
|
|
VpcPeeringConnectionIds=[our_vpx_id]
|
|
)["VpcPeeringConnections"]
|
|
peering_connections.should.have.length_of(1)
|
|
|
|
|
|
@mock_cloudformation
|
|
@mock_ec2
|
|
def test_multiple_security_group_ingress_separate_from_security_group_by_id():
|
|
sg1 = str(uuid4())[0:6]
|
|
sg2 = str(uuid4())[0:6]
|
|
template = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"test-security-group1": {
|
|
"Type": "AWS::EC2::SecurityGroup",
|
|
"Properties": {
|
|
"GroupDescription": "test security group",
|
|
"Tags": [{"Key": "sg-name", "Value": sg1}],
|
|
},
|
|
},
|
|
"test-security-group2": {
|
|
"Type": "AWS::EC2::SecurityGroup",
|
|
"Properties": {
|
|
"GroupDescription": "test security group",
|
|
"Tags": [{"Key": "sg-name", "Value": sg2}],
|
|
},
|
|
},
|
|
"test-sg-ingress": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {"Ref": "test-security-group1"},
|
|
"IpProtocol": "tcp",
|
|
"FromPort": "80",
|
|
"ToPort": "8080",
|
|
"SourceSecurityGroupId": {"Ref": "test-security-group2"},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
template_json = json.dumps(template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
cf.create_stack(StackName=str(uuid4())[0:6], TemplateBody=template_json)
|
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
|
|
|
security_group1 = get_secgroup_by_tag(ec2, sg1)
|
|
security_group2 = get_secgroup_by_tag(ec2, sg2)
|
|
|
|
security_group1["IpPermissions"].should.have.length_of(1)
|
|
security_group1["IpPermissions"][0]["UserIdGroupPairs"].should.have.length_of(1)
|
|
security_group1["IpPermissions"][0]["UserIdGroupPairs"][0]["GroupId"].should.equal(
|
|
security_group2["GroupId"]
|
|
)
|
|
security_group1["IpPermissions"][0]["IpProtocol"].should.equal("tcp")
|
|
security_group1["IpPermissions"][0]["FromPort"].should.equal(80)
|
|
security_group1["IpPermissions"][0]["ToPort"].should.equal(8080)
|
|
|
|
|
|
@mock_cloudformation
|
|
@mock_ec2
|
|
def test_security_group_ingress_separate_from_security_group_by_id():
|
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
|
sg_name = str(uuid4())
|
|
ec2.create_security_group(GroupName=sg_name, Description="test security group")
|
|
|
|
sg_2 = str(uuid4())[0:6]
|
|
template = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"test-security-group2": {
|
|
"Type": "AWS::EC2::SecurityGroup",
|
|
"Properties": {
|
|
"GroupDescription": "test security group",
|
|
"Tags": [{"Key": "sg-name", "Value": sg_2}],
|
|
},
|
|
},
|
|
"test-sg-ingress": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupName": sg_name,
|
|
"IpProtocol": "tcp",
|
|
"FromPort": "80",
|
|
"ToPort": "8080",
|
|
"SourceSecurityGroupId": {"Ref": "test-security-group2"},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
template_json = json.dumps(template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
cf.create_stack(StackName=str(uuid4())[0:6], TemplateBody=template_json)
|
|
security_group1 = ec2.describe_security_groups(GroupNames=[sg_name])[
|
|
"SecurityGroups"
|
|
][0]
|
|
security_group2 = get_secgroup_by_tag(ec2, sg_2)
|
|
|
|
security_group1["IpPermissions"].should.have.length_of(1)
|
|
security_group1["IpPermissions"][0]["UserIdGroupPairs"].should.have.length_of(1)
|
|
security_group1["IpPermissions"][0]["UserIdGroupPairs"][0]["GroupId"].should.equal(
|
|
security_group2["GroupId"]
|
|
)
|
|
security_group1["IpPermissions"][0]["IpProtocol"].should.equal("tcp")
|
|
security_group1["IpPermissions"][0]["FromPort"].should.equal(80)
|
|
security_group1["IpPermissions"][0]["ToPort"].should.equal(8080)
|
|
|
|
|
|
@mock_cloudformation
|
|
@mock_ec2
|
|
def test_security_group_ingress_separate_from_security_group_by_id_using_vpc():
|
|
ec2 = boto3.resource("ec2", region_name="us-west-1")
|
|
ec2_client = boto3.client("ec2", region_name="us-west-1")
|
|
vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16")
|
|
|
|
template = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"test-security-group1": {
|
|
"Type": "AWS::EC2::SecurityGroup",
|
|
"Properties": {
|
|
"GroupDescription": "test security group",
|
|
"VpcId": vpc.id,
|
|
"Tags": [{"Key": "sg-name", "Value": "sg1"}],
|
|
},
|
|
},
|
|
"test-security-group2": {
|
|
"Type": "AWS::EC2::SecurityGroup",
|
|
"Properties": {
|
|
"GroupDescription": "test security group",
|
|
"VpcId": vpc.id,
|
|
"Tags": [{"Key": "sg-name", "Value": "sg2"}],
|
|
},
|
|
},
|
|
"test-sg-ingress": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {"Ref": "test-security-group1"},
|
|
"VpcId": vpc.id,
|
|
"IpProtocol": "tcp",
|
|
"FromPort": "80",
|
|
"ToPort": "8080",
|
|
"SourceSecurityGroupId": {"Ref": "test-security-group2"},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
template_json = json.dumps(template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
cf.create_stack(StackName=str(uuid4())[0:6], TemplateBody=template_json)
|
|
security_group1 = get_secgroup_by_tag(ec2_client, "sg1")
|
|
security_group2 = get_secgroup_by_tag(ec2_client, "sg2")
|
|
|
|
security_group1["IpPermissions"].should.have.length_of(1)
|
|
security_group1["IpPermissions"][0]["UserIdGroupPairs"].should.have.length_of(1)
|
|
security_group1["IpPermissions"][0]["UserIdGroupPairs"][0]["GroupId"].should.equal(
|
|
security_group2["GroupId"]
|
|
)
|
|
security_group1["IpPermissions"][0]["IpProtocol"].should.equal("tcp")
|
|
security_group1["IpPermissions"][0]["FromPort"].should.equal(80)
|
|
security_group1["IpPermissions"][0]["ToPort"].should.equal(8080)
|
|
|
|
|
|
@mock_cloudformation
|
|
@mock_ec2
|
|
def test_security_group_with_update():
|
|
ec2 = boto3.resource("ec2", region_name="us-west-1")
|
|
ec2_client = boto3.client("ec2", region_name="us-west-1")
|
|
vpc1 = ec2.create_vpc(CidrBlock="10.0.0.0/16")
|
|
vpc2 = ec2.create_vpc(CidrBlock="10.1.0.0/16")
|
|
|
|
sg = str(uuid4())[0:6]
|
|
template = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"test-security-group": {
|
|
"Type": "AWS::EC2::SecurityGroup",
|
|
"Properties": {
|
|
"GroupDescription": "test security group",
|
|
"VpcId": vpc1.id,
|
|
"Tags": [{"Key": "sg-name", "Value": sg}],
|
|
},
|
|
}
|
|
},
|
|
}
|
|
|
|
template_json = json.dumps(template)
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(StackName=stack_name, TemplateBody=template_json)
|
|
security_group = get_secgroup_by_tag(ec2_client, sg)
|
|
security_group["VpcId"].should.equal(vpc1.id)
|
|
|
|
template["Resources"]["test-security-group"]["Properties"]["VpcId"] = vpc2.id
|
|
template_json = json.dumps(template)
|
|
cf.update_stack(StackName=stack_name, TemplateBody=template_json)
|
|
security_group = get_secgroup_by_tag(ec2_client, sg)
|
|
security_group["VpcId"].should.equal(vpc2.id)
|
|
|
|
|
|
@mock_cloudformation
|
|
@mock_ec2
|
|
def test_subnets_should_be_created_with_availability_zone():
|
|
ec2 = boto3.resource("ec2", region_name="us-west-1")
|
|
ec2_client = boto3.client("ec2", region_name="us-west-1")
|
|
vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16")
|
|
|
|
subnet_template = {
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"testSubnet": {
|
|
"Type": "AWS::EC2::Subnet",
|
|
"Properties": {
|
|
"VpcId": vpc.id,
|
|
"CidrBlock": "10.0.0.0/24",
|
|
"AvailabilityZone": "us-west-1b",
|
|
},
|
|
}
|
|
},
|
|
}
|
|
cf = boto3.client("cloudformation", region_name="us-west-1")
|
|
template_json = json.dumps(subnet_template)
|
|
stack_name = str(uuid4())[0:6]
|
|
cf.create_stack(StackName=stack_name, TemplateBody=template_json)
|
|
resources = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"]
|
|
subnet_id = resources[0]["PhysicalResourceId"]
|
|
subnet = ec2_client.describe_subnets(SubnetIds=[subnet_id])["Subnets"][0]
|
|
subnet["CidrBlock"].should.equal("10.0.0.0/24")
|
|
subnet["AvailabilityZone"].should.equal("us-west-1b")
|
|
|
|
|
|
def get_secgroup_by_tag(ec2, sg_):
|
|
return ec2.describe_security_groups(
|
|
Filters=[{"Name": "tag:sg-name", "Values": [sg_]}]
|
|
)["SecurityGroups"][0]
|