
@twellspring
Last active April 16, 2020 06:10
potemkin-decorator-blog
# Test fixture: an S3 bucket declared with a caller-supplied name and no
# BucketEncryption property, so the template itself requests no default
# server-side encryption.
# NOTE(review): presumably this is test/templates/unencrypted_bucket.yml,
# the negative case for the encryption Config rule - confirm.
Parameters:
  BucketName:
    Type: String
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
# Test fixture: an S3 bucket whose default server-side encryption algorithm
# is chosen by the caller through the Encryption parameter.
Parameters:
  BucketName:
    Type: String
  # Passed straight through to SSEAlgorithm below. The tests on this page
  # supply 'AES256' and 'aws:kms'; the parameter itself is unconstrained.
  Encryption:
    Type: String
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: !Ref Encryption
@potemkin.CloudFormationStack(
    'test/templates/encrypted_bucket.yml',
    stack_name_stem='TestStack2',
    parameters={'BucketName': 'unclefreddie33389', 'Encryption': 'AES256'}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
    """Expect the Config rule to flag an AES256-encrypted bucket.

    The stack is created from encrypted_bucket.yml with Encryption set to
    'AES256'; the test then asks AWS Config for the evaluation of that
    bucket under 'config-rule-s3-encryption' and requires NON_COMPLIANT.
    """
    # NOTE(review): another test on this page uses the same function name.
    # If both live in one module the later definition replaces this one and
    # pytest collects only one of them - give each test a distinct name.
    # NOTE(review): config_rule_wait_for_resource is called unqualified and
    # no import for it is visible in the lines shown - confirm it is in scope.
    session = boto3.Session()
    config_client = session.client('config')
    evaluation = config_rule_wait_for_resource(
        config_client,
        resource_id='unclefreddie33389',
        rule_name='config-rule-s3-encryption',
    )
    assert evaluation['ComplianceType'] == 'NON_COMPLIANT'
@potemkin.CloudFormationStack(
    'test/templates/unencrypted_bucket.yml',
    stack_name_stem='TestStack3',
    parameters={'BucketName': 'unclefreddie33390'}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
    """Expect the Config rule to flag a bucket created without encryption.

    The stack is created from unencrypted_bucket.yml; the test then asks
    AWS Config for the evaluation of that bucket under
    'config-rule-s3-encryption' and requires NON_COMPLIANT.
    """
    # NOTE(review): this name is reused by other tests on this page. Within
    # a single module only the last definition survives, so earlier cases
    # would silently never run - give each test a distinct name.
    # NOTE(review): config_rule_wait_for_resource is called unqualified and
    # no import for it is visible in the lines shown - confirm it is in scope.
    session = boto3.Session()
    config_client = session.client('config')
    evaluation = config_rule_wait_for_resource(
        config_client,
        resource_id='unclefreddie33390',
        rule_name='config-rule-s3-encryption',
    )
    assert evaluation['ComplianceType'] == 'NON_COMPLIANT'
$ pytest test/integration/
================================= test session starts =================================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 1 item
test/integration/config_service_test.py .. [100%]
============================ 1 passed in 549.50s (0:09:09) ============================
import potemkin
import boto3
@potemkin.CloudFormationStack(
    'test/templates/encrypted_bucket.yml',
    stack_name_stem='TestStack1',
    parameters={'BucketName': 'unclefreddie33388', 'Encryption': 'aws:kms'}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
    """Expect the Config rule to accept a KMS-encrypted bucket.

    The stack is created from encrypted_bucket.yml with Encryption set to
    'aws:kms'; the test then asks AWS Config for the evaluation of that
    bucket under 'config-rule-s3-encryption' and requires COMPLIANT.
    """
    # NOTE(review): the imports shown with this snippet are only
    # `import potemkin` and `import boto3`; config_rule_wait_for_resource is
    # called unqualified - confirm how it is brought into scope.
    session = boto3.Session()
    config_client = session.client('config')
    evaluation = config_rule_wait_for_resource(
        config_client,
        resource_id='unclefreddie33388',
        rule_name='config-rule-s3-encryption',
    )
    assert evaluation['ComplianceType'] == 'COMPLIANT'
$ pytest test/integration/
================================= test session starts =================================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 1 item
test/integration/config_service_test.py . [100%]
============================ 1 passed in 177.37s (0:02:57) ============================
import potemkin
import boto3
@potemkin.CloudFormationStack(
    'test/templates/all_three_buckets.yml',
    stack_name_stem='TestStack1',
    parameters={'BucketName1': 'unclefreddie33388',
                'BucketName2': 'unclefreddie33389',
                'BucketName3': 'unclefreddie33390',}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
    """Check the encryption rule against three buckets from one stack.

    All three buckets are created by a single template, then each one is
    looked up in turn under 'config-rule-s3-encryption' and compared with
    the compliance value expected for it.
    """
    # NOTE(review): the imports shown with this snippet are only
    # `import potemkin` and `import boto3`; config_rule_wait_for_resource is
    # called unqualified - confirm how it is brought into scope.
    config_client = boto3.Session().client('config')

    # Checked in this order; the first mismatch fails the test.
    expectations = (
        ('unclefreddie33388', 'COMPLIANT'),
        ('unclefreddie33389', 'NON_COMPLIANT'),
        ('unclefreddie33390', 'NON_COMPLIANT'),
    )
    for bucket_name, expected in expectations:
        evaluation = config_rule_wait_for_resource(
            config_client,
            resource_id=bucket_name,
            rule_name='config-rule-s3-encryption',
        )
        assert evaluation['ComplianceType'] == expected
$ pytest test/integration/
================================= test session starts =================================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 1 item
test/integration/config_service_test.py . [100%]
============================ 1 passed in 177.78s (0:02:57) ============================
$ pytest --tests-per-worker 4 test/unit
============================ test session starts ============================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 7 items
pytest-parallel: 1 worker (process), 4 tests per worker (threads)
...FFEEFE
=================================== ERRORS ==================================
$ pytest -n 4 test/unit
============================= test session starts ==============================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
gw0 [3] / gw1 [3] / gw2 [3] / gw3 [3]
... [100%]
======================== 3 passed in 179.46s (0:02:59) ========================
$ pytest -n 4 test/unit
============================= test session starts ==============================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
gw0 [7] / gw1 [7] / gw2 [7] / gw3 [7]
....... [100%]
============================== 7 passed in 0.81s ===============================
import potemkin
import boto3
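@potemkin.CloudFormationStack(
    'test/templates/all_three_buckets.yml',
    stack_name_stem='TestStack1',
    parameters={'BucketName1': 'unclefreddie33388',
                'BucketName2': 'unclefreddie33389',
                'BucketName3': 'unclefreddie33390',}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
    """Check the encryption rule for all three buckets in one call.

    A mapping of bucket name to expected compliance value is handed to
    config_rule_wait_for_compliance_results together with the rule name;
    the test passes when that call returns a truthy value.
    """
    # NOTE(review): the imports shown with this snippet are only
    # `import potemkin` and `import boto3`;
    # config_rule_wait_for_compliance_results is called unqualified -
    # confirm how it is brought into scope.
    configservice = boto3.Session().client('config')

    # unclefreddie33388 is the aws:kms bucket, which the other tests on this
    # page expect to be COMPLIANT. Listing it as NON_COMPLIANT would make
    # the test assert that a correctly encrypted bucket fails the rule.
    expected_results = {
        "unclefreddie33388": "COMPLIANT",
        "unclefreddie33389": "NON_COMPLIANT",
        "unclefreddie33390": "NON_COMPLIANT"
    }
    assert config_rule_wait_for_compliance_results(
        configservice,
        rule_name='config-rule-s3-encryption',
        expected_results=expected_results)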
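# Test fixture: three S3 buckets in one stack, one per encryption case, so
# a single stack create/delete cycle covers the whole Config rule test.
Parameters:
  # Named BucketName1 to match the !Ref in S3Bucket1 and the 'BucketName1'
  # key the test passes; a parameter called BucketName would leave that
  # reference unresolved.
  BucketName1:
    Type: String
  BucketName2:
    Type: String
  BucketName3:
    Type: String
Resources:
  # Case 1: KMS default encryption - the tests expect COMPLIANT.
  S3Bucket1:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName1
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
  # Case 2: AES256 default encryption - the tests expect NON_COMPLIANT for
  # this bucket, which matches the single-bucket AES256 case on this page
  # rather than a second aws:kms bucket.
  S3Bucket2:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName2
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
  # Case 3: no BucketEncryption property - the tests expect NON_COMPLIANT.
  S3Bucket3:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName3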