
Policy errors for rds_clusters:availability_zones & route53:records. #894

Closed reidjc closed 6 years ago

reidjc commented 6 years ago

Policy errors for rds_clusters:availability_zones & route53:records.

Console output:

$ ernest env apply jr.yml
Policy:

    ✔ AWS Security Group
      ✔ egress_rules should have rule {"ip" => "0.0.0.0/0", "protocol" => "tcp", "from_port" => 0, "to_port" => 65535}

    ✔ AWS Subnet web1
      ✔ should be public
      ✔ subnet should be "10.0.12.0/24"

    ✔ AWS Subnet web2
      ✔ should be public
      ✔ subnet should be "10.0.14.0/24"

    ✔ AWS Instance web1
      ✔ type should be "t2.micro"
      ✔ elastic_ip should be false
      ✔ image should be "ami-3f1bd150"
      ✔ network should be "web1"
      ✔ key_pair should be "jason-work"
      ✔ security_groups should be "vm"

    ✔ AWS RDS Instance
      ✔ size should be "db.t2.small"

    ✘ AWS RDS Cluster mycluster
      ✔ engine should be "aurora"
      ✔ port should be 3306
      ✘ availability_zones should be "eu-central-1a" and "eu-central-1b"
        value does not match
             expected: {"eu-central-1a" => "eu-central-1b"}
      ✔ security_groups should be "rds"
      ✔ networks should be "web1" and "web2"
      ✔ database_name should be "mysqltest5"
      ✔ final_snapshot should be false

    ✔ AWS Elastic Load Balancer elb1
      ✔ should not be private
      ✔ should have listener {"protocol" => "HTTP", "from_port" => 80, "to_port" => 80}
      ✔ subnets should be "web1"
      ✔ instances should be "web1"
      ✔ security_groups should be "elb"

    ✘ AWS Route53 Zone r3dev.io
      ✔ should not be private
      ✘ records should have record {"entry" => "mysql.r3dev.io", "type" => "A", "ttl" => 3600, "rds_clusters" => ["mycluster"]}
        expected that record {"entry"=>"mysql.r3dev.io", "type"=>"A", "ttl"=>3600, "rds_clusters"=>{"mycluster"}
      ✔ records should have record {"entry" => "demo.r3dev.io", "type" => "CNAME", "ttl" => 3600, "loadbalancers" => ["elb1"]}

Test Summary: 25 passed, 2 failed, 27 total
build validation failed
$

YAML:

---
# Ernest environment manifest behind the run shown above ("ernest env apply jr.yml").
# The two failing policy checks in that run trace back to two lines in this file,
# marked with NOTE(review) below.
name: demo
project: aws-de

vpcs:
  - name: demo
    subnet: 10.0.0.0/16
    auto_remove: true

networks:
  - name: web1
    vpc: demo
    subnet: 10.0.12.0/24
    availability_zone: eu-central-1a
    public: true
  - name: web2
    vpc: demo
    subnet: 10.0.14.0/24
    availability_zone: eu-central-1b
    public: true

# All three groups allow unrestricted outbound traffic (0.0.0.0/0, tcp 0-65535);
# the policy below asserts that rule as the desired state rather than flagging it.
security_groups:
  - name: vm
    vpc: demo
    egress:
      - ip: 0.0.0.0/0
        protocol: tcp
        from_port: '0'
        to_port: '65535'
    ingress:
      - ip: 10.0.0.0/16
        protocol: tcp
        from_port: '0'
        to_port: '65535'
      # Single-host ingress on every tcp port; a specific public address is pinned here.
      - ip: 80.169.194.69/32
        protocol: tcp
        from_port: '0'
        to_port: '65535'
  - name: rds
    vpc: demo
    egress:
      - ip: 0.0.0.0/0
        protocol: tcp
        from_port: '0'
        to_port: '65535'
    ingress:
      # Only the VPC range reaches the database group.
      - ip: 10.0.0.0/16
        protocol: tcp
        from_port: '0'
        to_port: '65535'
  - name: elb
    vpc: demo
    egress:
      - ip: 0.0.0.0/0
        protocol: tcp
        from_port: '0'
        to_port: '65535'
    ingress:
      - ip: 10.0.0.0/16
        protocol: tcp
        from_port: '0'
        to_port: '65535'
      - ip: 0.0.0.0/0
        protocol: tcp
        from_port: '80'
        to_port: '80'

instances:
  - name: web1
    type: t2.micro
    image: ami-3f1bd150
    network: web1
    start_ip: 10.0.12.11
    count: 2
    key_pair: jason-work
    # NOTE(review): the clone below names no branch, tag or commit, so whatever is
    # at the repository's default HEAD when the instance boots is what puppet applies.
    # Pinning a revision makes the boot-time configuration reproducible and reviewable.
    user_data: |-
      #cloud-config
      repo_update: true
      repo_upgrade: all
      packages:
       - puppet
       - git-core
      runcmd:
       - 'mv /etc/puppet/ /etc/puppet-bak'
       - 'git clone https://github.com/r3labs/aws-rds-elb.git /etc/puppet'
       - '/usr/bin/puppet apply /etc/puppet/manifests/site.pp'
    security_groups:
      - vm

route53_zones:
  - name: r3dev.io
    private: false
    records:
      # NOTE(review): declared as CNAME here, but the policy expects type 'A' for this
      # record (the second failing check). An RDS cluster endpoint is a hostname, so
      # CNAME is the value consistent with "rds_clusters" — confirm which side is intended.
      - entry: mysql.r3dev.io
        type: CNAME
        ttl: 3600
        rds_clusters:
          - mycluster
      - entry: demo.r3dev.io
        type: CNAME
        ttl: 3600
        loadbalancers:
          - elb1
      - entry: test.r3dev.io
        type: A
        ttl: 3600
        values:
          - 8.8.8.8

rds_instances:
  - name: mydb1
    cluster: mycluster
    size: db.t2.small
    storage:
      type: gp2
      size: 20
    promotion_tier: 5
  - name: mydb2
    cluster: mycluster
    size: db.t2.small
    storage:
      type: gp2
      size: 20
    promotion_tier: 10

rds_clusters:
  - name: mycluster
    # Publicly accessible cluster; reachability is limited by the "rds" group above,
    # which only admits 10.0.0.0/16.
    public: true
    engine: aurora
    port: 3306
    # NOTE(review): key is misspelled ("availablily_zones"); the policy reads
    # availability_zones, which is likely why the first failing check reports a
    # mismatch for this cluster.
    availablily_zones:
      - eu-central-1a
      - eu-central-1b
    networks:
      - web1
      - web2
    security_groups:
      - rds
    database_name: mysqltest5
    database_username: mysqltest5
    # NOTE(review): plaintext credential in the manifest, now also in a public issue —
    # treat it as exposed and rotate it.
    database_password: mysqltest5
    final_snapshot: false

loadbalancers:
  - name: elb1
    networks:
      - web1
    instances:
      - web1
    listeners:
      - from_port: 80
        to_port: 80
        protocol: http
    security_groups:
      - elb

Policy:

# Ernest policy for the "demo" environment. Each describe block is evaluated
# against the built environment and reported under "Policy:" in the console
# output above. The aws_* resource helpers and the matchers (should, be,
# be_public, be_private, have_rule, have_listener, have_record) come from the
# ernest policy runtime, not from this file, so their exact comparison
# semantics are not visible here.
describe aws_security_group do
  # from_port/to_port are given as integers here while the manifest quotes them
  # ('0', '65535'); the run above reports this check as passing. Note that this
  # pins an allow-all outbound rule (0.0.0.0/0, all tcp ports) as the expected state.
  its('egress_rules') {should have_rule('ip' => '0.0.0.0/0', 'protocol' => 'tcp', 'from_port' => 0, 'to_port' => 65535) }
end

describe aws_subnet('web1') do
  it {should be_public}
  its('subnet') {should be '10.0.12.0/24'}
end

describe aws_subnet('web2') do
  it {should be_public}
  its('subnet') {should be '10.0.14.0/24'}
end

describe aws_instance('web1') do
  its('type') {should be 't2.micro'}
  its('elastic_ip') {should be false}
  its('image') {should be 'ami-3f1bd150'}
  its('network') {should be 'web1'}
  its('key_pair') {should be 'jason-work'}
  its('security_groups') {should be ['vm']}
end

describe aws_rds_instance do
  its('size') {should be 'db.t2.small'}
end

describe aws_rds_cluster('mycluster') do
  its('engine') {should be 'aurora'}
  its('port') {should be 3306}
  # NOTE(review): first failing check in the run above. The manifest spells the
  # cluster key "availablily_zones" (typo), so availability_zones is likely unset
  # on the built cluster. Separately, the failure message renders this two-element
  # array as {"eu-central-1a" => "eu-central-1b"}, i.e. as a one-pair hash — that
  # looks like a display/matcher issue in the runtime rather than in this line; confirm.
  its('availability_zones') {should be ['eu-central-1a', 'eu-central-1b']}
  its('security_groups') {should be ['rds']}
  its('networks') {should be ['web1', 'web2']}
  its('database_name') {should be 'mysqltest5'}
  its('final_snapshot') {should be false}
end

describe aws_elb('elb1') do
  it {should_not be_private}
  # The console output prints this listener with "HTTP" in upper case while this
  # file says 'http' (as does the manifest); the listing here may not be the exact
  # policy that produced the output above — confirm before comparing further.
  it {should have_listener('protocol' => 'http', 'from_port' => 80, 'to_port' => 80)}
  its('subnets') {should be ['web1']}
  its('instances') {should be ['web1']}
  its('security_groups') {should be ['elb']}
end

describe aws_route53('r3dev.io') do
  it {should_not be_private}
  # NOTE(review): second failing check in the run above. The manifest declares
  # mysql.r3dev.io with type CNAME, but this expectation asks for 'A'; an RDS
  # cluster endpoint is a hostname, so CNAME is the consistent value — confirm which
  # side is intended. The failure text also prints "rds_clusters"=>{"mycluster"},
  # which is not a well-formed literal, so the message formatting itself looks off.
  its('records') {should have_record('entry' => 'mysql.r3dev.io', 'type' => 'A', 'ttl' => 3600, 'rds_clusters' => ['mycluster'])}
  its('records') {should have_record('entry' => 'demo.r3dev.io', 'type' => 'CNAME', 'ttl' => 3600, 'loadbalancers' => ['elb1'])}
end