@jarjuk
Last active September 24, 2015 09:10

Test suites

Creates an S3 bucket and no EC2 instances.

Stack Parameters and Outputs

AwsMustTestRunnerProperties
  System properties
    property with keys [:stack_id]
      value
        should not eq nil
    property with keys [:suite_id]
      value
        should not eq nil
    property with keys ["Outputs"]
      value
        should not eq nil
    property with keys ["Parameters"]
      value
        should not eq nil

ParameterTest
  Test parameter definition
    Test parameter 'param1' for role 'ParameterTest'
      definition_in_test_suite
        should not eq nil
    Test parameter 'param2' for role 'ParameterTest'
      definition_in_test_suite
        should not eq nil
    Test parameter 'param3' for role 'ParameterTest'
      definition_in_test_suite
        should not eq nil

Stack
  Stack 'smoke' #stack
    #known in test 'Stack''
    Stack parameter 'DummyParameter'
      value
        should not eq nil
    Stack output 'Bucket'
      value
        should not eq nil
    Stack output 'BucketName'
      value
        should not eq nil

Finished in 0.00703 seconds (files took 1.12 seconds to load)
11 examples, 0 failures

Instance Test Reports

Creates an S3 bucket and two EC2 instances (myInstance, myInstance2). One of the instances (myInstance) is granted Read Access Rights to the Bucket.

To grant Access Rights:

  • create a Role
  • create a Policy referencing the Role
  • create an InstanceProfile referencing the Role
  • associate the InstanceProfile with the EC2 instance to grant Read Access
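
The four steps above as a CloudFormation `Resources` fragment (an added example, not the gist's own template). Logical IDs, the policy name and the AMI placeholder are assumptions; `InstanceType` and `KeyName` are the stack parameters listed in the report below.

```yaml
# Added example: Resources fragment only; names and AMI id are placeholders.
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
  ReadRole:                        # step 1: Role that EC2 may assume
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
  ReadPolicy:                      # step 2: Policy referencing the Role
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: s3-read-only     # assumed name
      Roles:
        - !Ref ReadRole
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow          # lets "aws s3 ls" list buckets
            Action: s3:ListAllMyBuckets
            Resource: "*"
          - Effect: Allow          # list keys and resolve the bucket region
            Action:
              - s3:ListBucket
              - s3:GetBucketLocation
            Resource: !Sub "arn:aws:s3:::${MyBucket}"
          - Effect: Allow          # read objects; no PutObject/DeleteObject,
            Action: s3:GetObject   # so "aws s3 cp" upload and "aws s3 rm" fail
            Resource: !Sub "arn:aws:s3:::${MyBucket}/*"
  ReadProfile:                     # step 3: InstanceProfile referencing the Role
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref ReadRole
  myInstance:                      # step 4: associate the profile
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-PLACEHOLDER     # placeholder, not from the gist
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      IamInstanceProfile: !Ref ReadProfile
  # myInstance2 (assumed): same declaration without IamInstanceProfile,
  # which is why every S3 command in its report must exit non-zero.
```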

Creates a SecurityGroup that acts as a virtual firewall and allows SSH connections to the EC2 instance.

EC2 installation uses a UserData script to install:

  • AWS Command Line Interface
  • CloudFormation Helper Scripts. These scripts are used to send a notification when the installation is finished

Stack Parameters and Outputs

Stack
  Stack 'suite1' #stack
    #known in test 'Stack''
    Stack output 'Bucket'
      value
        should not eq nil
    Stack parameter 'InstanceType'
      value
        should not eq nil
    Stack parameter 'KeyName'
      value
        should not eq nil
    Stack parameter 'SSHLocation'
      value
        should not eq nil

Finished in 0.00329 seconds (files took 1.12 seconds to load)
5 examples, 0 failures

Instance Test Reports

AwsCommandLineInterfaceInstalled
  Command "type aws"
    exit_status
      should eq 0

CloudFormationHelperScriptsInstalled
  Command "type cfn-init"
    exit_status
      should eq 0
  Command "type cfn-signal"
    exit_status
      should eq 0
  Command "type cfn-get-metadata"
    exit_status
      should eq 0
  Command "type cfn-hup"
    exit_status
      should eq 0

Ec2PublicIp
  instance 'myInstance'
    Public IP
      ec2: instanceName=myInstance
        public_ip_address
          should not eql nil

Ec2StatusNormal
  instanceName 'myInstance'
    ec2: instanceName=myInstance
      system_status_not_impaired?
        should eq true
    ec2: instanceName=myInstance
      instance_state_running?
        should eq true

S3ReadAccessAllowed
  Test parameter definition
    Test parameter 'Bucket' for role 'S3ReadAccessAllowed'
      definition_in_test_suite
        should not eq nil
  Test parameter values
    Test parameter 'Bucket' for role 'S3ReadAccessAllowed'
      value
        should not eq nil
  Operating system context
    Aws Commad Line Interface (CLI) is installed
      Command "type aws"
        exit_status
          should eq 0
  When read access to a S3 bucket granted
    Can list S3 buckets
      Command "aws s3 ls"
        exit_status
          should eq 0
    Can list S3 bucket keys
      Command "aws s3 ls s3://suite1-mybucket-2ivcdz2a5nio || aws s3 ls s3://suite1-mybucket-2ivcdz2a5nio --region $(aws s3api get-bucket-location --bucket suite1-mybucket-2ivcdz2a5nio --output text)"
        exit_status
          should eq 0
    When an Object exists in S3 bucket
      Can read the Object from a S3 bucket
        Command "aws s3 cp s3://suite1-mybucket-2ivcdz2a5nio/ttest.tmp /tmp/ttest.tmp || aws s3 cp s3://suite1-mybucket-2ivcdz2a5nio/ttest.tmp /tmp/ttest.tmp --region $(aws s3api get-bucket-location --bucket suite1-mybucket-2ivcdz2a5nio --output text)"
          exit_status
            should eq 0
      Cannot modify (= delete) the  Object in bucket
        Command "aws s3 rm s3://suite1-mybucket-2ivcdz2a5nio/ttest.tmp --region $(aws s3api get-bucket-location --bucket suite1-mybucket-2ivcdz2a5nio --output text)"
          exit_status
            should not eql 0
    Cannot write to bucket
      Create an Object in bucket should fail
        Command "aws s3 cp /etc/hosts  s3://suite1-mybucket-2ivcdz2a5nio/ttest.tmp --region $(aws s3api get-bucket-location --bucket suite1-mybucket-2ivcdz2a5nio --output text)"
          exit_status
            should not eql 0
  When bucket does not exists
    Cannot list S3 bucket keys
      Command "aws s3 ls s3://DASKLjwKLJ4534Buckert --region $(aws s3api get-bucket-location --bucket  --output text)"
        exit_status
          should not eq 0

ValidOSVersion
  Operating system codename 'trusty'
    Command "lsb_release --c -s"
      stdout
        should match /trusty/

Finished in 32.12 seconds (files took 1.17 seconds to load)
18 examples, 0 failures

AwsCommandLineInterfaceInstalled
  Command "type aws"
    exit_status
      should eq 0

CloudFormationHelperScriptsInstalled
  Command "type cfn-init"
    exit_status
      should eq 0
  Command "type cfn-signal"
    exit_status
      should eq 0
  Command "type cfn-get-metadata"
    exit_status
      should eq 0
  Command "type cfn-hup"
    exit_status
      should eq 0

Ec2PublicIp
  instance 'myInstance2'
    Public IP
      ec2: instanceName=myInstance2
        public_ip_address
          should not eql nil

Ec2StatusNormal
  instanceName 'myInstance2'
    ec2: instanceName=myInstance2
      system_status_not_impaired?
        should eq true
    ec2: instanceName=myInstance2
      instance_state_running?
        should eq true

S3NoAccess
  When Bucket exists
    #cannot  list Bucket
      Command "aws s3 ls"
        exit_status
          should not eq 0
    When Object exists in Bucket
      #cannot list S3 bucket keys
        Command "aws s3 ls s3://suite1-mybucket-2ivcdz2a5nio --region $(aws s3api get-bucket-location --bucket suite1-mybucket-2ivcdz2a5nio --output text)"
          exit_status
            should not eq 0
      #cannot cp S3 bucket object
        Command "aws s3 cp s3://suite1-mybucket-2ivcdz2a5nio/ttest22.tmp /tmp/ttest22.tmp --region $(aws s3api get-bucket-location --bucket suite1-mybucket-2ivcdz2a5nio --output text)"
          exit_status
            should not eq 0

ValidOSVersion
  Operating system codename 'trusty'
    Command "lsb_release --c -s"
      stdout
        should match /trusty/

Finished in 12.07 seconds (files took 1.33 seconds to load)
12 examples, 0 failures

Creates a VPC with Public and Private Subnets (NAT), similar to scenario 2.

Subnets:

  • VPC using address range 10.0.0.0/16
  • Public subnet 10.0.0.0/24
    • with internet gateway
    • nat instance myNat
    • front instance myFront1
  • Private subnet 10.0.1.0/24
    • back instance myBack1

Defines three security groups to act as virtual firewalls

  • FrontEndSecurityGroup
  • BackendSecurityGroup
  • NatSecurityGroup

Defines three instances

  • myNat (based on Amazon vpc-nat instances)
    • defines a public IP
    • private ip from public subnet range
    • route 0.0.0.0/0 to internet gateway
    • allow ping from 0.0.0.0/0
    • allow ssh from 0.0.0.0/0 (as defined by parameter SSHLocation)/to Private Subnet
    • allow http from Private Subnet/to 0.0.0.0/0
  • myFront1 (ubuntu)
    • defines a public IP
    • private ip from public subnet range
    • route 0.0.0.0/0 to internet gateway
    • allow ping from 0.0.0.0/0
    • allow ssh from 0.0.0.0/0 (as defined by parameter SSHLocation)
  • myBack1 (ubuntu)
    • no public ip assigned
    • private ip from private subnet range
    • route 0.0.0.0/0 to nat instance
    • allow ping from VPC address range
    • allow ssh from public subnet
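
The private-subnet side of this layout as a CloudFormation `Resources` fragment (an added example, not the gist's own template). It assumes `Vpc`, `PrivateSubnet` and `myNat` are declared elsewhere in the same template; every logical ID except `myNat` and `BackendSecurityGroup` is an assumption.

```yaml
# Added example: fragment only; Vpc, PrivateSubnet and myNat are assumed to exist.
Resources:
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PrivateDefaultRoute:             # 0.0.0.0/0 leaves via the NAT instance,
    Type: AWS::EC2::Route          # not via the internet gateway
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      InstanceId: !Ref myNat       # a NAT instance needs SourceDestCheck: false
  PrivateSubnetRouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable
  BackendSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Backend instances in the private subnet
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        # ping from the whole VPC range
        - { IpProtocol: icmp, FromPort: -1, ToPort: -1, CidrIp: 10.0.0.0/16 }
        # ssh only from the public subnet
        - { IpProtocol: tcp, FromPort: 22, ToPort: 22, CidrIp: 10.0.0.0/24 }
      # Declaring any egress rule removes the default allow-all egress rule,
      # so these two are the complete outbound set.
      SecurityGroupEgress:
        - { IpProtocol: icmp, FromPort: -1, ToPort: -1, CidrIp: 0.0.0.0/0 }
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0 }
```

These are the rules and routes the myBack1 report checks: a default route whose target is an instance id, and a security group validated against the full rule list rather than a subset.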

Stack Parameters and Outputs

AllwaysOk
  Success
    #works

Stack
  Stack 'suite2' #stack
    #known in test 'Stack''
    Stack parameter 'InstanceType'
      value
        should not eq nil
    Stack parameter 'KeyName'
      value
        should not eq nil
    Stack parameter 'SSHLocation'
      value
        should not eq nil
    Stack output 'myFront1'
      value
        should not eq nil
    Stack output 'myNat'
      value
        should not eq nil
    Stack output 'InstanceId1'
      value
        should not eq nil
    Stack output 'InstanceId2'
      value
        should not eq nil
    Stack output 'MyInternetGw'
      value
        should not eq nil

Finished in 0.00601 seconds (files took 1.32 seconds to load)
10 examples, 0 failures

Instance Test Reports

Ec2InstanceType
  instance 'myNat'
    ec2: instanceName=myNat
      instance_type
        should eq "t2.micro"

Ec2PrivateIp
  instance 'myNat'
    ec2: instanceName=myNat, private_ip_address: 10.0.0.233
      #valid cidr 10.0.0.0/24

Ec2PublicIp
  instance 'myNat'
    Public IP
      ec2: instanceName=myNat
        public_ip_address
          should not eql nil

Ec2Routes
  awsRoute:  instanceName=myNat
    implement route {:gateway_id=>"local", :state=>"active", :destination_cidr_block=>"10.0.0.0/16"}
    implement route {:destination_cidr_block=>"0.0.0.0/0", :state=>"active", :gateway_id=>/^igw.*/}

Ec2SecurityGroups
  Security group:  instanceName=myNat
    ingress rules
      WARNING does not validate all ingress rules in test suite
      implement ingress rule: {:ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1, :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}]}
      implement ingress rule: {:ip_protocol=>"tcp", :from_port=>22, :to_port=>22, :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}]}
      implement ingress rule: {:ip_protocol=>"tcp", :from_port=>80, :to_port=>80, :ip_ranges=>[{:cidr_ip=>"10.0.1.0/24"}]}
    egress rules
      WARNING does not validate all egress rules in test suite
      implement egress rule:  {:ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1, :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}]}
      implement egress rule:  {:ip_protocol=>"tcp", :from_port=>22, :to_port=>22, :ip_ranges=>[{:cidr_ip=>"10.0.1.0/24"}]}
      implement egress rule:  {:ip_protocol=>"tcp", :from_port=>80, :to_port=>80, :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}]}

Ec2StatusNormal
  instanceName 'myNat'
    ec2: instanceName=myNat
      system_status_not_impaired?
        should eq true
    ec2: instanceName=myNat
      instance_state_running?
        should eq true

NetworkCanPing
  ping  3 times to 'www.google.com', wait response within 20 seconds
    Command "ping www.google.com -W 20 -c 3"
      exit_status
        should eq 0

RespondsToPing
  ping 'myNat'
    ec2: instanceName=myNat
      #reponds within 20 seconds with 3 test counts
      public_dns_name
        should not eql nil

Finished in 8.82 seconds (files took 2.41 seconds to load)
18 examples, 0 failures

Ec2InstanceType
  instance 'myFront1'
    ec2: instanceName=myFront1
      instance_type
        should eq "t2.micro"

Ec2PrivateIp
  instance 'myFront1'
    ec2: instanceName=myFront1, private_ip_address: 10.0.0.99
      #valid cidr 10.0.0.0/24

Ec2PublicIp
  instance 'myFront1'
    Public IP
      ec2: instanceName=myFront1, public_ip_address: 52.18.218.246
        public_ip_address
          should eql "52.18.218.246"

Ec2Routes
  awsRoute:  instanceName=myFront1
    implement route {:gateway_id=>"local", :state=>"active", :destination_cidr_block=>"10.0.0.0/16"}
    implement route {:destination_cidr_block=>"0.0.0.0/0", :state=>"active", :gateway_id=>/^igw.*/}

Ec2SecurityGroups
  Security group:  instanceName=myFront1
    ingress rules
      WARNING does not validate all ingress rules in test suite
      implement ingress rule: {:ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1, :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}]}
      implement ingress rule: {:ip_protocol=>"tcp", :from_port=>22, :to_port=>22, :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}]}
    egress rules
      WARNING does not validate all egress rules in test suite
      implement egress rule:  {:ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1, :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}]}
      implement egress rule:  {:ip_protocol=>"tcp", :from_port=>22, :to_port=>22, :ip_ranges=>[{:cidr_ip=>"10.0.1.0/24"}]}
      implement egress rule:  {:ip_protocol=>"tcp", :from_port=>443, :to_port=>443, :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}]}

Ec2StatusNormal
  instanceName 'myFront1'
    ec2: instanceName=myFront1
      system_status_not_impaired?
        should eq true
    ec2: instanceName=myFront1
      instance_state_running?
        should eq true

NetworkCanPing
  ping  3 times to 'www.google.com', wait response within 20 seconds
    Command "ping www.google.com -W 20 -c 3"
      exit_status
        should eq 0

RespondsToPing
  ping 'myFront1'
    ec2: instanceName=myFront1
      #reponds within 20 seconds with 3 test counts
      public_dns_name
        should not eql nil

ValidOSVersion
  Operating system codename 'trusty'
    Command "lsb_release --c -s"
      stdout
        should match /trusty/

Finished in 9.91 seconds (files took 2.46 seconds to load)
18 examples, 0 failures

Ec2PrivateIp
  instance 'myBack1'
    ec2: instanceName=myBack1, private_ip_address: 10.0.1.246
      #valid cidr 10.0.1.0/24

Ec2PublicIp
  instance 'myBack1'
    Public IP
      ec2: instanceName=myBack1
        public_ip_address
          should eql nil

Ec2Routes
  awsRoute:  instanceName=myBack1
    implement route {:gateway_id=>"local", :state=>"active", :destination_cidr_block=>"10.0.0.0/16"}
    implement route {:destination_cidr_block=>"0.0.0.0/0", :state=>"active", :instance_id=>/^i-.*/}

Ec2SecurityGroups
  Security group:  instanceName=myBack1
    ingress rules
      validate all ingress rules in test suite
      implement ingress rule: {:ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1, :ip_ranges=>[{:cidr_ip=>"10.0.0.0/16"}]}
      implement ingress rule: {:ip_protocol=>"tcp", :from_port=>22, :to_port=>22, :ip_ranges=>[{:cidr_ip=>"10.0.0.0/24"}]}
    egress rules
      validates all egress rules in test suite
      implement egress rule:  {:ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1, :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}]}
      implement egress rule:  {:ip_protocol=>"tcp", :from_port=>80, :to_port=>80, :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}]}

Ec2StatusNormal
  instanceName 'myBack1'
    ec2: instanceName=myBack1
      system_status_not_impaired?
        should eq true
    ec2: instanceName=myBack1
      instance_state_running?
        should eq true

NetworkCanPing
  ping  3 times to 'www.google.com', wait response within 20 seconds
    Command "ping www.google.com -W 20 -c 3"
      exit_status
        should eq 0

ValidOSVersion
  Operating system codename 'trusty'
    Command "lsb_release --c -s"
      stdout
        should match /trusty/

Finished in 9.88 seconds (files took 2.25 seconds to load)
14 examples, 0 failures
