Skip to content

Instantly share code, notes, and snippets.

@twellspring twellspring/all_three_buckets.yml Secret
Last active Apr 16, 2020

Embed
What would you like to do?
potemkin-decorator-blog
Parameters:
BucketName:
Type: String
Resources:
S3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref BucketName
Parameters:
BucketName:
Type: String
Encryption:
Type: String
Resources:
S3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref BucketName
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: !Ref Encryption
@potemkin.CloudFormationStack(
'test/templates/encrypted_bucket.yml',
stack_name_stem='TestStack2',
parameters={'BucketName': 'unclefreddie33389', 'Encryption': 'AES256'}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
configservice = boto3.Session().client('config')
results = config_rule_wait_for_resource(configservice,
resource_id='unclefreddie33389',
rule_name='config-rule-s3-encryption')
assert results['ComplianceType'] == 'NON_COMPLIANT'
@potemkin.CloudFormationStack(
'test/templates/unencrypted_bucket.yml',
stack_name_stem='TestStack3',
parameters={'BucketName': 'unclefreddie33390'}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
configservice = boto3.Session().client('config')
results = config_rule_wait_for_resource(configservice,
resource_id='unclefreddie33390',
rule_name='config-rule-s3-encryption')
assert results['ComplianceType'] == 'NON_COMPLIANT'
$ pytest test/integration/
================================= test session starts =================================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 1 item
test/integration/config_service_test.py .. [100%]
============================ 1 passed in 549.50s (0:09:09) ============================
import potemkin
import boto3
@potemkin.CloudFormationStack(
  'test/templates/encrypted_bucket.yml',
  stack_name_stem='TestStack1',
  parameters={'BucketName': 'unclefreddie33388', 'Encryption': 'aws:kms'}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
  configservice = boto3.Session().client('config')
  results = config_rule_wait_for_resource(configservice
                                          resource_id='unclefreddie33388'
                                          rule_name='config-rule-s3-encryption')
  assert results['ComplianceType'] == 'COMPLIANT'
$ pytest test/integration/
================================= test session starts =================================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 1 item
test/integration/config_service_test.py . [100%]
============================ 1 passed in 177.37s (0:02:57) ============================
import potemkin
import boto3
@potemkin.CloudFormationStack(
'test/templates/all_three_buckets.yml',
stack_name_stem='TestStack1',
parameters={'BucketName1': 'unclefreddie33388',
'BucketName2': 'unclefreddie33389',
'BucketName3': 'unclefreddie33390',}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
configservice = boto3.Session().client('config')
results = config_rule_wait_for_resource(configservice,
resource_id='unclefreddie33388',
rule_name='config-rule-s3-encryption')
assert results['ComplianceType'] == 'COMPLIANT'
results = config_rule_wait_for_resource(configservice,
resource_id='unclefreddie33389',
rule_name='config-rule-s3-encryption')
assert results['ComplianceType'] == 'NON_COMPLIANT'
results = config_rule_wait_for_resource(configservice,
resource_id='unclefreddie33390',
rule_name='config-rule-s3-encryption')
assert results['ComplianceType'] == 'NON_COMPLIANT'
$ pytest test/integration/
================================= test session starts =================================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 1 item
test/integration/config_service_test.py . [100%]
============================ 1 passed in 177.78s (0:02:57) ============================
$ pytest --tests-per-worker 4 test/unit
============================ test session starts ============================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 7 items
pytest-parallel: 1 worker (process), 4 tests per worker (threads)
...FFEEFE
=================================== ERRORS ==================================
$ pytest -n 4 test/unit
============================= test session starts ==============================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
gw0 [3] / gw1 [3] / gw2 [3] / gw3 [3]
... [100%]
======================== 3 passed in 179.46s (0:02:59) ========================
$ pytest -n 4 test/unit
============================= test session starts ==============================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
gw0 [7] / gw1 [7] / gw2 [7] / gw3 [7]
....... [100%]
============================== 7 passed in 0.81s ===============================
import potemkin
import boto3
@potemkin.CloudFormationStack(
'test/templates/all_three_buckets.yml',
stack_name_stem='TestStack1',
parameters={'BucketName1': 'unclefreddie33388',
'BucketName2': 'unclefreddie33389',
'BucketName3': 'unclefreddie33390',}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
configservice = boto3.Session().client('config')
expected_results = {
"unclefreddie33388": "NON_COMPLIANT",
"unclefreddie33389": "NON_COMPLIANT",
"unclefreddie33390": "NON_COMPLIANT"
}
assert config_rule_wait_for_compliance_results(
configservice,
rule_name='config-rule-s3-encryption',
expected_results=expected_results)
Parameters:
BucketName:
Type: String
BucketName2:
Type: String
BucketName3:
Type: String
Resources:
S3Bucket1:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref BucketName1
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: aws:kms
S3Bucket2:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref BucketName2
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: aws:kms
S3Bucket3:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref BucketName3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.