worried-engineer-3388405/09/2019, 7:16 PM
little-river-4942205/09/2019, 7:38 PM
gentle-diamond-7014705/09/2019, 9:18 PM
I did a slight refactoring of the AWS WebServer example at <https://github.com/pulumi/examples/tree/master/aws-py-webserver>, and wrote a little test below that checks to ensure we don't have unrestricted CIDR blocks on security groups. A few things to note: (1) the project structure needs to change a little rather than declaring everything in __main__.py to facilitate importing, (2) we call a few pulumi.runtime.settings._set_x(..) helpers in our test before allocating anything, and (3) slightly awkwardly, I had to do the import inside of the test case itself, to avoid promises being allocated on a separate event loop than the test is running on.
test.py import asyncio import unittest # Import the Pulumi SDK and turn on test mode *before* allocating anything. import pulumi pulumi.runtime.settings._set_test_mode_enabled(True) pulumi.runtime.settings._set_project('webserver') pulumi.runtime.settings._set_stack('test') ## Tests come next: def async_test(coro): def wrapper(*args, **kwargs): loop = asyncio.new_event_loop() loop.run_until_complete(coro(*args, **kwargs)) loop.close() return wrapper class InstanceTests(unittest.TestCase): @async_test async def test_no_internet_access(self): # Now import the infrastructure module which will allocate our resource objects. from infra import group, server # Rendezvous with the resource's resulting ingress rules. ingress_fut = asyncio.Future() group.ingress.apply(lambda ig: ingress_fut.set_result(ig)) ingress = await ingress_fut # Now loop through them and reject any that are open to the Internet (0.0.0.0/0). for rule in ingress: for cidr in rule['cidr_blocks']: self.assertNotEqual('0.0.0.0/0', cidr)
worried-engineer-3388405/10/2019, 7:24 PM
output for a resource, e.g.
using the same async + apply strategy you've shown here, it comes back as
. Is that expected? In my test, I am checking that an S3 bucket name is what I set the name to. So in
I am trying to assert that
bucket = s3.Bucket('my-bucket')
but the id is
await id_future == 'my-bucket'
. Am I missing something? cc @white-balloon-205 @bitter-oil-46081
bitter-oil-4608105/10/2019, 7:36 PM
. Since we can not actually run the resource providers (since there's no
invocation in the mix) we can't know what
it is going to set in general. Since there's no
input to the resource (normally the provider computes it based on the other inputs) it doesn't get a real output.