-
Notifications
You must be signed in to change notification settings - Fork 1.2k
/
test_build_terraform_applications_other_cases.py
456 lines (393 loc) · 18 KB
/
test_build_terraform_applications_other_cases.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
import os
import logging
import shutil
from pathlib import Path
from unittest import skipIf
from parameterized import parameterized, parameterized_class
from tests.integration.buildcmd.test_build_terraform_applications import (
BuildTerraformApplicationIntegBase,
)
from tests.testing_utils import CI_OVERRIDE, IS_WINDOWS, RUN_BY_CANARY
LOG = logging.getLogger(__name__)
S3_SLEEP = 3
class TestBuildTerraformApplicationsWithInvalidOptions(BuildTerraformApplicationIntegBase):
terraform_application = Path("terraform/simple_application")
def test_invalid_coexist_parameters(self):
self.template_path = "template.yaml"
cmdlist = self.get_command_list(hook_name="terraform")
_, stderr, return_code = self.run_command(cmdlist)
process_stderr = stderr.strip()
self.assertRegex(
process_stderr.decode("utf-8"),
"Error: Invalid value: Parameters hook-name, and t,template-file,template,parameter-overrides cannot "
"be used together",
)
self.assertNotEqual(return_code, 0)
def test_invalid_hook_name(self):
cmdlist = self.get_command_list(hook_name="tf")
_, stderr, return_code = self.run_command(cmdlist)
process_stderr = stderr.strip()
self.assertRegex(
process_stderr.decode("utf-8"),
"Error: Invalid value: tf is not a valid hook name.",
)
self.assertNotEqual(return_code, 0)
def test_exit_failed_use_container_no_build_image_hooks(self):
cmdlist = self.get_command_list(hook_name="terraform", use_container=True)
_, stderr, return_code = self.run_command(cmdlist)
process_stderr = stderr.strip()
self.assertRegex(
process_stderr.decode("utf-8"),
"Error: Missing required parameter --build-image.",
)
self.assertNotEqual(return_code, 0)
def test_exit_failed_project_root_dir_no_hooks(self):
cmdlist = self.get_command_list(project_root_dir="/path")
_, stderr, return_code = self.run_command(cmdlist)
process_stderr = stderr.strip()
self.assertRegex(
process_stderr.decode("utf-8"),
"Error: Missing option --hook-name",
)
self.assertNotEqual(return_code, 0)
def test_exit_failed_project_root_dir_not_parent_of_current_directory(self):
cmdlist = self.get_command_list(hook_name="terraform", project_root_dir="/path")
_, stderr, return_code = self.run_command(cmdlist)
process_stderr = stderr.strip()
self.assertRegex(
process_stderr.decode("utf-8"),
"Error: /path is not a valid value for Terraform Project Root Path. It should "
"be a parent of the current directory that contains the root module of the terraform project.",
)
self.assertNotEqual(return_code, 0)
def test_exit_failed_use_container_short_format_no_build_image_hooks(self):
cmdlist = self.get_command_list(hook_name="terraform")
cmdlist += ["-u"]
_, stderr, return_code = self.run_command(cmdlist)
process_stderr = stderr.strip()
self.assertRegex(
process_stderr.decode("utf-8"),
"Error: Missing required parameter --build-image.",
)
self.assertNotEqual(return_code, 0)
@skipIf(
(not RUN_BY_CANARY and not CI_OVERRIDE),
"Skip Terraform test cases unless running in CI",
)
class TestInvalidTerraformApplicationThatReferToS3BucketNotCreatedYet(BuildTerraformApplicationIntegBase):
terraform_application = Path("terraform/invalid_no_local_code_project")
def test_invoke_function(self):
function_identifier = "aws_lambda_function.function"
build_cmd_list = self.get_command_list(hook_name="terraform", function_identifier=function_identifier)
LOG.info("command list: %s", build_cmd_list)
environment_variables = os.environ.copy()
_, stderr, return_code = self.run_command(build_cmd_list, env=environment_variables)
LOG.info(stderr)
process_stderr = stderr.strip()
self.assertRegex(
process_stderr.decode("utf-8"),
"Error: Lambda resource aws_lambda_function.function is referring to an S3 bucket that is not created yet, "
"and there is no sam metadata resource set for it to build its code locally",
)
self.assertNotEqual(return_code, 0)
@skipIf(
(not RUN_BY_CANARY and not CI_OVERRIDE),
"Skip Terraform test cases unless running in CI",
)
class TestInvalidBuildTerraformApplicationsWithZipBasedLambdaFunctionAndS3BackendNoS3Config(
BuildTerraformApplicationIntegBase
):
terraform_application = (
Path("terraform/zip_based_lambda_functions_s3_backend")
if not IS_WINDOWS
else Path("terraform/zip_based_lambda_functions_s3_backend_windows")
)
def test_build_no_s3_config(self):
command_list_parameters = {
"hook_name": "terraform",
}
build_cmd_list = self.get_command_list(**command_list_parameters)
LOG.info("command list: %s", build_cmd_list)
environment_variables = os.environ.copy()
_, stderr, return_code = self.run_command(build_cmd_list, env=environment_variables)
LOG.info(stderr)
self.assertNotEqual(return_code, 0)
@skipIf(
(not RUN_BY_CANARY and not CI_OVERRIDE),
"Skip Terraform test cases unless running in CI",
)
class TestUnsupportedCases(BuildTerraformApplicationIntegBase):
terraform_application = Path("terraform/unsupported")
def setUp(self):
super().setUp()
shutil.rmtree(Path(self.working_dir))
@parameterized.expand(
[
(
"conditional_layers",
r"AWS SAM CLI could not process a Terraform project that contains a source "
r"resource that is linked to more than one destination resource",
),
(
"conditional_layers_null",
r"AWS SAM CLI could not process a Terraform project that contains a source "
r"resource that is linked to more than one destination resource",
),
(
"lambda_function_with_count_and_invalid_sam_metadata",
r"There is no resource found that match the provided resource name aws_lambda_function.function1",
),
(
"one_lambda_function_linked_to_two_layers",
r"AWS SAM CLI could not process a Terraform project that contains a source "
r"resource that is linked to more than one destination resource",
),
(
"lambda_function_referencing_local_var_layer",
r"AWS SAM CLI could not process a Terraform project that uses local "
r"variables to define linked resources",
),
]
)
def test_unsupported_cases(self, app, expected_error_message):
apply_disclaimer_message = "Unresolvable attributes discovered in project, run terraform apply to resolve them."
self.terraform_application_path = Path(self.terraform_application_path) / app
shutil.copytree(Path(self.terraform_application_path), Path(self.working_dir))
build_cmd_list = self.get_command_list(hook_name="terraform")
LOG.info("command list: %s", build_cmd_list)
_, stderr, return_code = self.run_command(build_cmd_list)
LOG.info(stderr)
output = stderr.decode("utf-8")
self.assertEqual(return_code, 1)
self.assertRegex(output, expected_error_message)
self.assertRegex(output, apply_disclaimer_message)
@skipIf(
(not RUN_BY_CANARY and not CI_OVERRIDE),
"Skip Terraform test cases unless running in CI",
)
@parameterized_class(
[
{"app": "conditional_layers"},
{"app": "conditional_layers_null"},
{"app": "one_lambda_function_linked_to_two_layers"},
{"app": "lambda_function_referencing_local_var_layer"},
]
)
class TestUnsupportedCasesAfterApply(BuildTerraformApplicationIntegBase):
terraform_application = Path("terraform/unsupported")
def setUp(self):
super().setUp()
shutil.rmtree(Path(self.working_dir))
self.terraform_application_path = Path(self.terraform_application_path) / self.app
shutil.copytree(Path(self.terraform_application_path), Path(self.working_dir))
init_command = ["terraform", "init"]
LOG.info("init tf project command: %s", init_command)
stdout, stderr, return_code = self.run_command(init_command)
if return_code != 0:
LOG.info(stdout)
LOG.info(stderr)
self.assertEqual(return_code, 0)
apply_command = ["terraform", "apply", "-auto-approve"]
LOG.info("apply tf project command: %s", apply_command)
stdout, stderr, return_code = self.run_command(apply_command)
if return_code != 0:
LOG.info(stdout)
LOG.info(stderr)
self.assertEqual(return_code, 0)
def tearDown(self):
destroy_command = ["terraform", "destroy", "-auto-approve"]
LOG.info("destroy tf project command: %s", destroy_command)
stdout, stderr, return_code = self.run_command(destroy_command)
if return_code != 0:
LOG.info(stdout)
LOG.info(stderr)
self.assertEqual(return_code, 0)
def test_unsupported_cases_runs_after_apply(self):
build_cmd_list = self.get_command_list(hook_name="terraform")
LOG.info("command list: %s", build_cmd_list)
_, _, return_code = self.run_command(build_cmd_list)
self.assertEqual(return_code, 0)
self._verify_invoke_built_function(
function_logical_id="aws_lambda_function.function1",
overrides=None,
expected_result={"statusCode": 200, "body": "hello world 1"},
)
@skipIf(
(not RUN_BY_CANARY and not CI_OVERRIDE),
"Skip Terraform test cases unless running in CI",
)
class TestBuildGoFunctionAndKeepPermissions(BuildTerraformApplicationIntegBase):
terraform_application = Path("terraform/go_lambda_function_check_keep_permissions")
def test_invoke_function(self):
function_identifier = "hello-world-function"
build_cmd_list = self.get_command_list(hook_name="terraform", function_identifier=function_identifier)
LOG.info("command list: %s", build_cmd_list)
environment_variables = os.environ.copy()
_, stderr, return_code = self.run_command(build_cmd_list, env=environment_variables)
LOG.info(stderr)
self.assertEqual(return_code, 0)
self._verify_invoke_built_function(
function_logical_id=function_identifier,
overrides=None,
expected_result="{'message': 'Hello World'}",
)
@skipIf(
(not RUN_BY_CANARY and not CI_OVERRIDE),
"Skip Terraform test cases unless running in CI",
)
@parameterized_class(
("build_in_container",),
[
(False,),
(True,),
],
)
class TestBuildTerraformNestedDirectories(BuildTerraformApplicationIntegBase):
terraform_application = (
Path("terraform/application_outside_root_directory")
if not IS_WINDOWS
else Path("terraform/application_outside_root_directory_windows")
)
functions = [
("aws_lambda_function.function1", "hello world 1"),
("module.function2.aws_lambda_function.this", "hello world 1"),
]
@classmethod
def setUpClass(cls):
if IS_WINDOWS and cls.build_in_container:
# we use this TF project to test sam build in container on windows as we need to run a linux bash script for
# build, and also we need to remove the Serverless TF functions from this project.
# that is why we need to use a new project and not one of the existing linux or windows projects
cls.terraform_application = "terraform/application_outside_root_directory_windows_container"
if not IS_WINDOWS:
# The following functions are defined using serverless tf module, and since Serverless TF has some issue
# while executing `terraform plan` in windows, we removed these function from the TF projects we used in
# testing on Windows, and only test them on linux.
# check the Serverless TF issue https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/142
cls.functions += [
("module.function7.aws_lambda_function.this[0]", "hello world 1"),
]
super().setUpClass()
def setUp(self):
super().setUp()
self.project_dir = self.working_dir
self.working_dir = f"{self.working_dir}/root_module"
def tearDown(self):
if self.project_dir:
self.working_dir = self.project_dir
super().tearDown()
@parameterized.expand(functions)
def test_build_and_invoke_lambda_functions(self, function_identifier, expected_output):
command_list_parameters = {
"hook_name": "terraform",
"function_identifier": function_identifier,
"project_root_dir": "./..",
}
if self.build_in_container:
command_list_parameters["use_container"] = True
command_list_parameters["build_image"] = self.docker_tag
build_cmd_list = self.get_command_list(**command_list_parameters)
LOG.info("command list: %s", build_cmd_list)
stdout, stderr, return_code = self.run_command(build_cmd_list)
LOG.info("sam build stdout: %s", stdout.decode("utf-8"))
LOG.info("sam build stderr: %s", stderr.decode("utf-8"))
self.assertEqual(return_code, 0)
self._verify_invoke_built_function(
function_logical_id=function_identifier,
overrides=None,
expected_result={"statusCode": 200, "body": expected_output},
)
@skipIf(
(not RUN_BY_CANARY and not CI_OVERRIDE),
"Skip Terraform test cases unless running in CI",
)
class TestBuildTerraformApplicationsNestedDirectoriesGetParametersFromSamConfig(BuildTerraformApplicationIntegBase):
terraform_application = (
Path("terraform/application_outside_root_directory")
if not IS_WINDOWS
else Path("terraform/application_outside_root_directory_windows")
)
functions = [
("aws_lambda_function.function1", "hello world 1"),
]
def setUp(self):
super().setUp()
self.project_dir = self.working_dir
self.working_dir = f"{self.working_dir}/root_module"
def tearDown(self):
if self.project_dir:
self.working_dir = self.project_dir
super().tearDown()
@parameterized.expand(functions)
def test_build_and_invoke_lambda_functions(self, function_identifier, expected_output):
command_list_parameters = {
"config_file": "input_samconfig.yaml",
"function_identifier": function_identifier,
}
build_cmd_list = self.get_command_list(**command_list_parameters)
LOG.info("command list: %s", build_cmd_list)
stdout, stderr, return_code = self.run_command(build_cmd_list)
LOG.info("sam build stdout: %s", stdout.decode("utf-8"))
LOG.info("sam build stderr: %s", stderr.decode("utf-8"))
self.assertEqual(return_code, 0)
self._verify_invoke_built_function(
function_logical_id=function_identifier,
overrides=None,
expected_result={"statusCode": 200, "body": expected_output},
)
@skipIf(
(not RUN_BY_CANARY and not CI_OVERRIDE),
"Skip Terraform test cases unless running in CI",
)
class TestBuildTerraformApplicationsWithBlockedEnvironVariables(BuildTerraformApplicationIntegBase):
terraform_application = Path("terraform/simple_application")
@parameterized.expand(
[
("TF_CLI_ARGS", "-destroy"),
("TF_CLI_ARGS", "-target=some.module"),
("TF_CLI_ARGS_plan", "-destroy"),
("TF_CLI_ARGS_plan", "-target=some.module"),
("TF_CLI_ARGS_apply", "-destroy"),
("TF_CLI_ARGS_apply", "-target=some.module"),
]
)
def test_blocked_env_variables(self, env_name, env_value):
cmdlist = self.get_command_list(hook_name="terraform", beta_features=True)
env_variables = os.environ.copy()
env_variables[env_name] = env_value
_, stderr, return_code = self.run_command(cmdlist, env=env_variables)
process_stderr = stderr.strip()
self.assertRegex(
process_stderr.decode("utf-8"),
"Error: Environment variable '%s' contains a blocked argument, please validate it does not contain: ['-destroy', '-target']"
% env_name,
)
self.assertNotEqual(return_code, 0)
@skipIf(
(not RUN_BY_CANARY and not CI_OVERRIDE),
"Skip Terraform test cases unless running in CI",
)
class TestTerraformHandlesExceptionFromBinary(BuildTerraformApplicationIntegBase):
terraform_application = Path("terraform/broken_tf")
@parameterized.expand([True, False])
def test_subprocess_handler(self, debug_flag):
err_message = (
"Failed to execute the subprocess. The process ['terraform', 'init', '-input=false'] returned a non-zero "
"exit code 1."
)
terraform_error_message = "Error: Unclosed configuration block"
stack_trace_error = "unexpected error was encountered while executing 'sam build'"
cmdlist = self.get_command_list(
hook_name="terraform",
debug=debug_flag,
)
# add time out, so if the process hangs, the testing will not hang, but the sam command will be timed out.
# terraform plan command should fail within seconds, as there is an error in syntax, but we will wait for 5 mins
# in case if terraform init takes time.
_, stderr, return_code = self.run_command(cmdlist, timeout=300)
err_string = stderr.decode("utf-8").strip()
LOG.info("sam build stderr: %s", err_string)
self.assertEqual(return_code, 1)
self.assertIn(err_message, err_string)
self.assertIn(terraform_error_message, err_string)
self.assertNotIn(stack_trace_error, err_string)