cloud-mu 3.1.2 → 3.2.0

data/modules/tests/ecs.yaml

@@ -0,0 +1,23 @@
+# Test ECS
+# clouds: AWS
+---
+appname: smoketest
+vpcs:
+- name: ecs
+container_clusters:
+- name: ecsplain
+  flavor: ECS
+  instance_type: t2.medium
+  vpc:
+    name: ecs
+  containers:
+  - name: nginx
+    image: "nginx:1.8"
+- name: ecsfargate
+  flavor: Fargate
+  instance_type: t2.medium
+  vpc:
+    name: ecs
+  containers:
+  - name: nginx
+    image: "nginx:1.8"

data/modules/tests/includes-and-params.yaml

@@ -7,7 +7,7 @@ appname: smoketest
 parameters:
 - name: instancesize
   prettyname: "Instance Size"
-  default: <%= $environment == "prod" ? "t3.large" : "t3.small" %>
+  default: <%= $environment == "prod" ? "m4.large" : "t2.small" %>
 <%= include("poolparams-include.inc") %>
 vpcs:
 - name: parsemess
@@ -18,6 +18,7 @@ server_pools:
 - name: svr
   cloud: AWS
   ssh_user: ec2-user
+  platform: amazon
   tags:
     - key: Env
       value: <%= env %>

data/modules/tests/rds.yaml

@@ -0,0 +1,108 @@
+# clouds: AWS
+---
+appname: smoketest
+vpcs:
+- name: rdstests
+databases:
+- name: pgcluster
+  size: db.t3.medium
+  engine: postgres
+  engine_version: "10"  
+  auto_minor_version_upgrade: true
+  backup_retention_period: 10
+  cluster_node_count: 2
+  create_cluster: true
+  cluster_parameter_group_parameters:
+  - name: log_disconnections
+    value: "0"
+  vpc:
+    name: rdstests
+  master_user: Bob
+
+#- name: mysqlcluster
+#  size: db.t3.medium
+#  engine: aurora
+#  cluster_mode: serverless
+#  create_cluster: true
+#  vpc:
+#    name: rdstests
+
+- name: maria-base
+  size: db.t2.small
+  engine: mariadb
+  db_parameter_group_parameters:
+  - name: autocommit
+    value: "0"
+  vpc:
+    name: rdstests
+  region: us-east-1
+  create_read_replica: true
+  allow_major_version_upgrade: true
+  read_replica_region: us-east-2
+  cloudwatch_logs:
+  - slowquery
+  multi_az_on_create: true
+  master_user: Bob
+- name: maria-from-snap
+  size: db.t2.small
+  engine: mariadb
+  vpc:
+    name: rdstests
+  creation_style: new_snapshot
+  source:
+    name: maria-base
+- name: maria-point-in-time
+  creation_style: point_in_time
+  size: db.t2.micro
+  engine: mariadb
+  cloudwatch_logs:
+  - error
+  - general
+  source:
+    name: maria-base
+  vpc:
+    name: rdstests
+
+- name: oracle-base
+  size: db.m5.large
+  engine: oracle
+  vpc:
+    name: rdstests
+- name: oracle-from-snap
+  size: db.m5.large
+  engine: oracle
+  vpc:
+    name: rdstests
+  creation_style: new_snapshot
+  source:
+    name: oracle-base
+- name: oracle-point-in-time
+  size: db.m5.large
+  engine: oracle
+  vpc:
+    name: rdstests
+  creation_style: point_in_time
+  source:
+    name: oracle-base
+
+- name: sqlserver-base
+  size: db.t2.small
+  engine: sqlserver-ex
+  vpc:
+    name: rdstests
+- name: sqlserver-from-snap
+  size: db.t2.small
+  engine: sqlserver-ex
+  vpc:
+    name: rdstests
+  creation_style: new_snapshot
+  source:
+    name: sqlserver-base
+- name: sqlserver-point-in-time
+  size: db.t2.small
+  engine: sqlserver-ex
+  vpc:
+    name: rdstests
+  creation_style: point_in_time
+  source:
+    name: sqlserver-base

data/modules/tests/regrooms/aws-iam.yaml

@@ -0,0 +1,201 @@
+# clouds: AWS
+---
+appname: smoketest
+roles:
+- name: somerole
+  can_assume:
+  - entity_id: ec2.amazonaws.com
+    entity_type: service
+  import:
+  - AmazonLexReadOnly
+  - arn:aws:iam::aws:policy/AmazonRDSFullAccess
+  policies:
+  - name: a_basic_policy
+    permissions:
+    - ec2:CreateSnapshot
+    targets:
+    - identifier: thing1
+      type: user
+  iam_policies:
+  - CloudWatch_Logs:
+      Version: '2012-10-17'
+      Statement:
+      - Sid: Stmt1406256819000
+        Effect: Allow
+        Action:
+        - logs:CreateLogGroup
+        - logs:CreateLogStream
+        - logs:DeleteRetentionPolicy
+        - logs:DescribeLogGroups
+        - logs:DescribeLogStreams
+        - logs:DescribeMetricFilters
+        - logs:GetLogEvents
+        - logs:PutLogEvents
+        - logs:PutMetricFilter
+        - logs:PutRetentionPolicy
+        - logs:TestMetricFilter
+        Resource:
+        - "*"
+  - Snapshots_and_Tags:
+      Version: '2012-10-17'
+      Statement:
+      - Sid: Stmt1385828567000
+        Effect: Allow
+        Action:
+        - ec2:CreateSnapshot
+        - ec2:DeleteSnapshot
+        - ec2:DescribeSnapshotAttribute
+        - ec2:DescribeSnapshots
+        - ec2:DescribeTags
+        - ec2:DescribeInstanceAttribute
+        - ec2:DescribeInstanceStatus
+        - ec2:DescribeInstances
+        - ec2:CreateTags
+        - ec2:DescribeVolumes
+        - ec2:DescribeVolumeAttribute
+        - ec2:DescribeVolumeStatus
+        - ec2:ModifySnapshotAttribute
+        Resource: "*"
+- name: somepolicies
+  bare_policies: true
+  iam_policies:
+  - AllowCertListing:
+      Version: '2012-10-17'
+      Statement:
+      - Effect: Allow
+        Action: acm:ListCertificates
+        Resource: "*"
+- name: assume_condition_test
+  can_assume:
+  - assume_method: web
+    conditions:
+    - comparison: StringEquals
+      variable: cognito-identity.amazonaws.com:aud
+      values:
+      - us-east-1:1aba9203-4b68-4bf3-b8ac-06c0335bec6f
+    entity_type: federated
+    entity_id: cognito-identity.amazonaws.com
+  attachable_policies:
+  - id: AmazonDynamoDBReadOnlyAccess
+  - id: AmazonS3ReadOnlyAccess
+# XXX this one will fail if someone ever deletes the VPC or account specified;
+# need our implementation to look up Refs here so we can specify VPCs, etc
+# dynamically. Also logic like this is so hard to use we should provide a
+# shortcut for it.
+- name: restrict_by_vpc_test
+  bare_policies: true
+  policies:
+  - name: restrict_by_vpc_test_0
+    permissions:
+    - ec2:Describe*
+    - ec2:CreateKeyPair
+    - ec2:CreateSecurityGroup
+    - iam:GetInstanceProfile
+    - iam:ListInstanceProfiles
+    flag: allow
+    targets:
+    - identifier: "*"
+  - name: restrict_by_vpc_test_1
+    permissions:
+    - ec2:RebootInstances
+    - ec2:StopInstances
+    - ec2:TerminateInstances
+    - ec2:StartInstances
+    - ec2:AttachVolume
+    - ec2:DetachVolume
+    flag: allow
+    targets:
+    - identifier: arn:aws:ec2:us-east-1:616552976502:instance/*
+    conditions:
+    - comparison: StringEquals
+      variable: ec2:InstanceProfile
+      values:
+      - arn:aws:iam::616552976502:instance-profile/test_role_delete_me
+  - name: restrict_by_vpc_test_2
+    permissions:
+    - ec2:RunInstances
+    flag: allow
+    targets:
+    - identifier: arn:aws:ec2:us-east-1:616552976502:instance/*
+    conditions:
+    - comparison: StringEquals
+      variable: ec2:InstanceProfile
+      values:
+      - arn:aws:iam::616552976502:instance-profile/test_role_delete_me
+  - name: restrict_by_vpc_test_3
+    permissions:
+    - ec2:RunInstances
+    flag: allow
+    targets:
+    - identifier: arn:aws:ec2:us-east-1:616552976502:subnet/*
+    conditions:
+    - comparison: StringEquals
+      variable: ec2:vpc
+      values:
+      - arn:aws:ec2:us-east-1:616552976502:vpc/vpc-29531e4c
+  - name: restrict_by_vpc_test_4
+    permissions:
+    - ec2:RunInstances
+    flag: allow
+    targets:
+    - identifier: arn:aws:ec2:us-east-1:616552976502:volume/*
+    - identifier: arn:aws:ec2:us-east-1::image/*
+    - identifier: arn:aws:ec2:us-east-1::snapshot/*
+    - identifier: arn:aws:ec2:us-east-1:616552976502:network-interface/*
+    - identifier: arn:aws:ec2:us-east-1:616552976502:key-pair/*
+    - identifier: arn:aws:ec2:us-east-1:616552976502:security-group/*
+  - name: restrict_by_vpc_test_5
+    permissions:
+    - ec2:AuthorizeSecurityGroupEgress
+    - ec2:AuthorizeSecurityGroupIngress
+    flag: allow
+    targets:
+    - identifier: "*"
+    conditions:
+    - comparison: StringEquals
+      variable: ec2:vpc
+      values:
+      - arn:aws:ec2:us-east-1:616552976502:vpc/vpc-29531e4c
+users:
+- name: thing1
+  tags:
+  - key: thisisatag
+    value: thisisatagvalue
+  - key: anewtag
+    value: anewtagvalue
+  groups:
+  - developers
+  - impliedgroup
+  - declaredawsgroup
+  create_console_password: true
+  create_api_key: true
+  raw_policies:
+  - Thing1CertListing:
+      Version: '2012-10-17'
+      Statement:
+      - Effect: Allow
+        Action: acm:ListCertificates
+        Resource: "*"
+groups:
+- name: admin
+  members:
+  - thing1
+- name: declaredgroup
+  purge_extra_members: true
+  members:
+  - robert.patt-corner@eglobaltech.com
+  raw_policies:
+  - S3_List_Get_Objects:
+      Version: '2012-10-17'
+      Statement:
+      - Effect: Allow
+        Action:
+        - s3:GetObject
+        - s3:PutBucket
+        - s3:ListBucket
+        - s3:ListAllMyBuckets
+        Resource:
+        - "*"
+vpcs:
+- name: flowlogtest
+  enable_traffic_logging: false

data/modules/tests/regrooms/bucket.yml

@@ -0,0 +1,19 @@
+---
+appname: smoketest
+buckets:
+- name: bucket
+  policies:
+  - name: testpermissions
+    grant_to:
+    - identifier: egt.gcp.sandbox@gmail.com
+    targets: # XXX this is redundant except for path:
+    - type: bucket
+      identifier: bucket
+  - name: testpermissions2
+    grant_to:
+    - identifier: williamdingiv@gmail.com
+    targets: # XXX this is redundant except for path:
+    - type: bucket
+      identifier: bucket
+  web: false
+  versioning: true

data/modules/tests/regrooms/rds.yaml

@@ -0,0 +1,123 @@
+# clouds: AWS
+---
+appname: smoketest
+vpcs:
+- name: rdstests
+firewall_rules:
+- name: world
+  vpc:
+    name: rdstests
+  rules:
+  - port: 3307
+    hosts:
+    - 0.0.0.0/0
+databases:
+- name: pgcluster
+  size: db.t3.medium
+  engine: postgres
+  engine_version: "10"  
+  allow_major_version_upgrade: true
+  auto_minor_version_upgrade: false
+  backup_retention_period: 8
+  cluster_node_count: 2
+  create_cluster: true
+  cluster_parameter_group_parameters:
+  - name: log_disconnections
+    value: "0"
+  - name: authentication_timeout
+    value: "35"
+  vpc:
+    name: rdstests
+  master_user: Jimmy
+
+#- name: mysqlcluster
+#  size: db.t3.medium
+#  engine: aurora
+#  cluster_mode: serverless
+#  create_cluster: true
+#  vpc:
+#    name: rdstests
+
+- name: maria-base
+  size: db.t2.small
+  engine: mariadb
+  db_parameter_group_parameters:
+  - name: autocommit
+    value: "1"
+  vpc:
+    name: rdstests
+  region: us-east-1
+  create_read_replica: true
+  read_replica_region: us-east-2
+  cloudwatch_logs:
+  - slowquery
+  - error
+  multi_az_on_create: true
+  master_user: Stoki
+- name: maria-from-snap
+  size: db.t2.small
+  engine: mariadb
+  port: 3307
+  vpc:
+    name: rdstests
+  add_firewall_rules:
+  - name: world 
+  creation_style: new_snapshot
+  source:
+    name: maria-base
+- name: maria-point-in-time
+  creation_style: point_in_time
+  size: db.t2.micro
+  engine: mariadb
+  cloudwatch_logs:
+  - error
+  - general
+  source:
+    name: maria-base
+  vpc:
+    name: rdstests
+
+- name: oracle-base
+  size: db.m5.large
+  engine: oracle
+  vpc:
+    name: rdstests
+  master_user: helen
+- name: oracle-from-snap
+  size: db.m5.large
+  engine: oracle
+  vpc:
+    name: rdstests
+  creation_style: new_snapshot
+  source:
+    name: oracle-base
+- name: oracle-point-in-time
+  size: db.m5.large
+  engine: oracle
+  vpc:
+    name: rdstests
+  creation_style: point_in_time
+  source:
+    name: oracle-base
+
+- name: sqlserver-base
+  size: db.t2.small
+  engine: sqlserver-ex
+  vpc:
+    name: rdstests
+- name: sqlserver-from-snap
+  size: db.t2.small
+  engine: sqlserver-ex
+  vpc:
+    name: rdstests
+  creation_style: new_snapshot
+  source:
+    name: sqlserver-base
+- name: sqlserver-point-in-time
+  size: db.t2.small
+  engine: sqlserver-ex
+  vpc:
+    name: rdstests
+  creation_style: point_in_time
+  source:
+    name: sqlserver-base