pulumi / pulumi-policy-aws

A policy pack of rules to enforce AWS best practices for security, reliability, cost, and more!
https://www.pulumi.com
Apache License 2.0

Remove use of `PULUMI_AWSGUARD_TESTING` for integration test #34

Closed justinvp closed 4 years ago

justinvp commented 4 years ago

Use an alternative approach to creating a new instance of AwsGuard for the integration tests, rather than having this baked into the library itself.

chrsmith commented 4 years ago

Something that would be nice to add is the ability for the test case to configure how the AwsGuard library gets consumed.

For example, when writing a new PAC rule I need to do things like enable deletion protection and create an S3 bucket for logs. (Otherwise it would run afoul of other AWSGuard rules.) But that adds unnecessary complications when trying to test specific rules.

So I imagine the integration test, e.g. `network_test.go`, would have a list of rules it would explicitly set the enforcement level to disable when running the test.

chrsmith commented 4 years ago

Assigning to myself, as it looks like this is blocking us from writing more sophisticated unit tests. (e.g. now we require enabling logs... which requires an S3 bucket... which requires that it has its own logging enabled...)