potemkin-decorator-blog
```yaml
Parameters:
  BucketName:
    Type: String
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
```
```yaml
Parameters:
  BucketName:
    Type: String
  Encryption:
    Type: String
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: !Ref Encryption
```
```python
import potemkin
import boto3

# config_rule_wait_for_resource is called unqualified below, so it must
# also be imported into this test module.
# Each test needs its own function name: two functions with the same name
# in one module shadow each other and pytest collects only the last one.


# Bucket encrypted with SSE-S3 (AES256): the rule reports it NON_COMPLIANT.
@potemkin.CloudFormationStack(
    'test/templates/encrypted_bucket.yml',
    stack_name_stem='TestStack2',
    parameters={'BucketName': 'unclefreddie33389', 'Encryption': 'AES256'}
)
def test_bucket_encryption_rule_aes256(stack_outputs, stack_name):
    configservice = boto3.Session().client('config')
    results = config_rule_wait_for_resource(configservice,
                                            resource_id='unclefreddie33389',
                                            rule_name='config-rule-s3-encryption')
    assert results['ComplianceType'] == 'NON_COMPLIANT'


# Bucket with no default encryption: the rule reports it NON_COMPLIANT.
@potemkin.CloudFormationStack(
    'test/templates/unencrypted_bucket.yml',
    stack_name_stem='TestStack3',
    parameters={'BucketName': 'unclefreddie33390'}
)
def test_bucket_encryption_rule_unencrypted(stack_outputs, stack_name):
    configservice = boto3.Session().client('config')
    results = config_rule_wait_for_resource(configservice,
                                            resource_id='unclefreddie33390',
                                            rule_name='config-rule-s3-encryption')
    assert results['ComplianceType'] == 'NON_COMPLIANT'
```
```console
$ pytest test/integration/
================================= test session starts =================================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 1 item
test/integration/config_service_test.py .. [100%]
============================ 1 passed in 549.50s (0:09:09) ============================
```
```python
import potemkin
import boto3

# config_rule_wait_for_resource is called unqualified below, so it must
# also be imported into this test module.


# Bucket encrypted with aws:kms: the rule reports it COMPLIANT.
@potemkin.CloudFormationStack(
    'test/templates/encrypted_bucket.yml',
    stack_name_stem='TestStack1',
    parameters={'BucketName': 'unclefreddie33388', 'Encryption': 'aws:kms'}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
    configservice = boto3.Session().client('config')
    results = config_rule_wait_for_resource(configservice,
                                            resource_id='unclefreddie33388',
                                            rule_name='config-rule-s3-encryption')
    assert results['ComplianceType'] == 'COMPLIANT'
```
```console
$ pytest test/integration/
================================= test session starts =================================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 1 item
test/integration/config_service_test.py . [100%]
============================ 1 passed in 177.37s (0:02:57) ============================
```
```python
import potemkin
import boto3

# config_rule_wait_for_resource is called unqualified below, so it must
# also be imported into this test module.


# One stack holding all three buckets, checked one resource at a time.
@potemkin.CloudFormationStack(
    'test/templates/all_three_buckets.yml',
    stack_name_stem='TestStack1',
    parameters={'BucketName1': 'unclefreddie33388',
                'BucketName2': 'unclefreddie33389',
                'BucketName3': 'unclefreddie33390'}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
    configservice = boto3.Session().client('config')

    results = config_rule_wait_for_resource(configservice,
                                            resource_id='unclefreddie33388',
                                            rule_name='config-rule-s3-encryption')
    assert results['ComplianceType'] == 'COMPLIANT'

    results = config_rule_wait_for_resource(configservice,
                                            resource_id='unclefreddie33389',
                                            rule_name='config-rule-s3-encryption')
    assert results['ComplianceType'] == 'NON_COMPLIANT'

    results = config_rule_wait_for_resource(configservice,
                                            resource_id='unclefreddie33390',
                                            rule_name='config-rule-s3-encryption')
    assert results['ComplianceType'] == 'NON_COMPLIANT'
```
```console
$ pytest test/integration/
================================= test session starts =================================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 1 item
test/integration/config_service_test.py . [100%]
============================ 1 passed in 177.78s (0:02:57) ============================
```
```console
$ pytest --tests-per-worker 4 test/unit
============================ test session starts ============================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
collected 7 items
pytest-parallel: 1 worker (process), 4 tests per worker (threads)
...FFEEFE
=================================== ERRORS ==================================
```
```console
$ pytest -n 4 test/unit
============================= test session starts ==============================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
gw0 [3] / gw1 [3] / gw2 [3] / gw3 [3]
... [100%]
======================== 3 passed in 179.46s (0:02:59) ========================
```
```console
$ pytest -n 4 test/unit
============================= test session starts ==============================
platform darwin -- Python 3.7.4, pytest-5.4.1, py-1.8.1, pluggy-0.13.1
rootdir: /Users/myuser/potemkin-s3-encryption-test
gw0 [7] / gw1 [7] / gw2 [7] / gw3 [7]
....... [100%]
============================== 7 passed in 0.81s ===============================
```
```python
import potemkin
import boto3

# config_rule_wait_for_compliance_results is called unqualified below, so it
# must also be imported into this test module.


# One stack, one wait: compare the rule's results for all buckets at once.
@potemkin.CloudFormationStack(
    'test/templates/all_three_buckets.yml',
    stack_name_stem='TestStack1',
    parameters={'BucketName1': 'unclefreddie33388',
                'BucketName2': 'unclefreddie33389',
                'BucketName3': 'unclefreddie33390'}
)
def test_bucket_encryption_rule(stack_outputs, stack_name):
    configservice = boto3.Session().client('config')
    expected_results = {
        # The aws:kms bucket is the only one the rule accepts, matching the
        # per-resource test on the same template.
        "unclefreddie33388": "COMPLIANT",
        "unclefreddie33389": "NON_COMPLIANT",
        "unclefreddie33390": "NON_COMPLIANT"
    }
    assert config_rule_wait_for_compliance_results(
        configservice,
        rule_name='config-rule-s3-encryption',
        expected_results=expected_results)
```
```yaml
Parameters:
  # Named BucketName1 to match the !Ref below and the parameter the tests pass.
  BucketName1:
    Type: String
  BucketName2:
    Type: String
  BucketName3:
    Type: String
Resources:
  # KMS-encrypted bucket: expected COMPLIANT.
  S3Bucket1:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName1
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
  # AES256 (SSE-S3) bucket: the tests expect this one to be NON_COMPLIANT,
  # as in the single-bucket AES256 test.
  S3Bucket2:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName2
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
  # No default encryption: expected NON_COMPLIANT.
  S3Bucket3:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName3
```