cloud-mu 3.1.3 → 3.3.0

data/modules/tests/regrooms/aws-iam.yaml

@@ -0,0 +1,201 @@
+# clouds: AWS
+---
+appname: smoketest
+roles:
+- name: somerole
+  can_assume:
+  - entity_id: ec2.amazonaws.com
+    entity_type: service
+  import:
+  - AmazonLexReadOnly
+  - arn:aws:iam::aws:policy/AmazonRDSFullAccess
+  policies:
+  - name: a_basic_policy
+    permissions:
+    - ec2:CreateSnapshot
+    targets:
+    - identifier: thing1
+      type: user
+  iam_policies:
+  - CloudWatch_Logs:
+      Version: '2012-10-17'
+      Statement:
+      - Sid: Stmt1406256819000
+        Effect: Allow
+        Action:
+        - logs:CreateLogGroup
+        - logs:CreateLogStream
+        - logs:DeleteRetentionPolicy
+        - logs:DescribeLogGroups
+        - logs:DescribeLogStreams
+        - logs:DescribeMetricFilters
+        - logs:GetLogEvents
+        - logs:PutLogEvents
+        - logs:PutMetricFilter
+        - logs:PutRetentionPolicy
+        - logs:TestMetricFilter
+        Resource:
+        - "*"
+  - Snapshots_and_Tags:
+      Version: '2012-10-17'
+      Statement:
+      - Sid: Stmt1385828567000
+        Effect: Allow
+        Action:
+        - ec2:CreateSnapshot
+        - ec2:DeleteSnapshot
+        - ec2:DescribeSnapshotAttribute
+        - ec2:DescribeSnapshots
+        - ec2:DescribeTags
+        - ec2:DescribeInstanceAttribute
+        - ec2:DescribeInstanceStatus
+        - ec2:DescribeInstances
+        - ec2:CreateTags
+        - ec2:DescribeVolumes
+        - ec2:DescribeVolumeAttribute
+        - ec2:DescribeVolumeStatus
+        - ec2:ModifySnapshotAttribute
+        Resource: "*"
+- name: somepolicies
+  bare_policies: true
+  iam_policies:
+  - AllowCertListing:
+      Version: '2012-10-17'
+      Statement:
+      - Effect: Allow
+        Action: acm:ListCertificates
+        Resource: "*"
+- name: assume_condition_test
+  can_assume:
+  - assume_method: web
+    conditions:
+    - comparison: StringEquals
+      variable: cognito-identity.amazonaws.com:aud
+      values:
+      - us-east-1:1aba9203-4b68-4bf3-b8ac-06c0335bec6f
+    entity_type: federated
+    entity_id: cognito-identity.amazonaws.com
+  attachable_policies:
+  - id: AmazonDynamoDBReadOnlyAccess
+  - id: AmazonS3ReadOnlyAccess
+# XXX this one will fail if someone ever deletes the VPC or account specified;
+# need our implementation to look up Refs here so we can specify VPCs, etc
+# dynamically. Also logic like this is so hard to use we should provide a
+# shortcut for it.
+- name: restrict_by_vpc_test
+  bare_policies: true
+  policies:
+  - name: restrict_by_vpc_test_0
+    permissions:
+    - ec2:Describe*
+    - ec2:CreateKeyPair
+    - ec2:CreateSecurityGroup
+    - iam:GetInstanceProfile
+    - iam:ListInstanceProfiles
+    flag: allow
+    targets:
+    - identifier: "*"
+  - name: restrict_by_vpc_test_1
+    permissions:
+    - ec2:RebootInstances
+    - ec2:StopInstances
+    - ec2:TerminateInstances
+    - ec2:StartInstances
+    - ec2:AttachVolume
+    - ec2:DetachVolume
+    flag: allow
+    targets:
+    - identifier: arn:aws:ec2:us-east-1:616552976502:instance/*
+    conditions:
+    - comparison: StringEquals
+      variable: ec2:InstanceProfile
+      values:
+      - arn:aws:iam::616552976502:instance-profile/test_role_delete_me
+  - name: restrict_by_vpc_test_2
+    permissions:
+    - ec2:RunInstances
+    flag: allow
+    targets:
+    - identifier: arn:aws:ec2:us-east-1:616552976502:instance/*
+    conditions:
+    - comparison: StringEquals
+      variable: ec2:InstanceProfile
+      values:
+      - arn:aws:iam::616552976502:instance-profile/test_role_delete_me
+  - name: restrict_by_vpc_test_3
+    permissions:
+    - ec2:RunInstances
+    flag: allow
+    targets:
+    - identifier: arn:aws:ec2:us-east-1:616552976502:subnet/*
+    conditions:
+    - comparison: StringEquals
+      variable: ec2:vpc
+      values:
+      - arn:aws:ec2:us-east-1:616552976502:vpc/vpc-29531e4c
+  - name: restrict_by_vpc_test_4
+    permissions:
+    - ec2:RunInstances
+    flag: allow
+    targets:
+    - identifier: arn:aws:ec2:us-east-1:616552976502:volume/*
+    - identifier: arn:aws:ec2:us-east-1::image/*
+    - identifier: arn:aws:ec2:us-east-1::snapshot/*
+    - identifier: arn:aws:ec2:us-east-1:616552976502:network-interface/*
+    - identifier: arn:aws:ec2:us-east-1:616552976502:key-pair/*
+    - identifier: arn:aws:ec2:us-east-1:616552976502:security-group/*
+  - name: restrict_by_vpc_test_5
+    permissions:
+    - ec2:AuthorizeSecurityGroupEgress
+    - ec2:AuthorizeSecurityGroupIngress
+    flag: allow
+    targets:
+    - identifier: "*"
+    conditions:
+    - comparison: StringEquals
+      variable: ec2:vpc
+      values:
+      - arn:aws:ec2:us-east-1:616552976502:vpc/vpc-29531e4c
+users:
+- name: thing1
+  tags:
+  - key: thisisatag
+    value: thisisatagvalue
+  - key: anewtag
+    value: anewtagvalue
+  groups:
+  - developers
+  - impliedgroup
+  - declaredawsgroup
+  create_console_password: true
+  create_api_key: true
+  raw_policies:
+  - Thing1CertListing:
+      Version: '2012-10-17'
+      Statement:
+      - Effect: Allow
+        Action: acm:ListCertificates
+        Resource: "*"
+groups:
+- name: admin
+  members:
+  - thing1
+- name: declaredgroup
+  purge_extra_members: true
+  members:
+  - robert.patt-corner@eglobaltech.com
+  raw_policies:
+  - S3_List_Get_Objects:
+      Version: '2012-10-17'
+      Statement:
+      - Effect: Allow
+        Action:
+        - s3:GetObject
+        - s3:PutBucket
+        - s3:ListBucket
+        - s3:ListAllMyBuckets
+        Resource:
+        - "*"
+vpcs:
+- name: flowlogtest
+  enable_traffic_logging: false

data/modules/tests/regrooms/bucket.yml

@@ -0,0 +1,19 @@
+---
+appname: smoketest
+buckets:
+- name: bucket
+  policies:
+  - name: testpermissions
+    grant_to:
+    - identifier: egt.gcp.sandbox@gmail.com
+    targets: # XXX this is redundant except for path:
+    - type: bucket
+      identifier: bucket
+  - name: testpermissions2
+    grant_to:
+    - identifier: williamdingiv@gmail.com
+    targets: # XXX this is redundant except for path:
+    - type: bucket
+      identifier: bucket
+  web: false
+  versioning: true

data/modules/tests/regrooms/rds.yaml

@@ -0,0 +1,123 @@
+# clouds: AWS
+---
+appname: smoketest
+vpcs:
+- name: rdstests
+firewall_rules:
+- name: world
+  vpc:
+    name: rdstests
+  rules:
+  - port: 3307
+    hosts:
+    - 0.0.0.0/0
+databases:
+- name: pgcluster
+  size: db.t3.medium
+  engine: postgres
+  engine_version: "10"  
+  allow_major_version_upgrade: true
+  auto_minor_version_upgrade: false
+  backup_retention_period: 8
+  cluster_node_count: 2
+  create_cluster: true
+  cluster_parameter_group_parameters:
+  - name: log_disconnections
+    value: "0"
+  - name: authentication_timeout
+    value: "35"
+  vpc:
+    name: rdstests
+  master_user: Jimmy
+
+#- name: mysqlcluster
+#  size: db.t3.medium
+#  engine: aurora
+#  cluster_mode: serverless
+#  create_cluster: true
+#  vpc:
+#    name: rdstests
+
+- name: maria-base
+  size: db.t3.small
+  engine: mariadb
+  db_parameter_group_parameters:
+  - name: autocommit
+    value: "1"
+  vpc:
+    name: rdstests
+  region: us-east-1
+  create_read_replica: true
+  read_replica_region: us-east-2
+  cloudwatch_logs:
+  - slowquery
+  - error
+  multi_az_on_create: true
+  master_user: Stoki
+- name: maria-from-snap
+  size: db.t3.small
+  engine: mariadb
+  port: 3307
+  vpc:
+    name: rdstests
+  add_firewall_rules:
+  - name: world 
+  creation_style: new_snapshot
+  source:
+    name: maria-base
+- name: maria-point-in-time
+  creation_style: point_in_time
+  size: db.t2.micro
+  engine: mariadb
+  cloudwatch_logs:
+  - error
+  - general
+  source:
+    name: maria-base
+  vpc:
+    name: rdstests
+
+- name: oracle-base
+  size: db.m5.large
+  engine: oracle
+  vpc:
+    name: rdstests
+  master_user: helen
+- name: oracle-from-snap
+  size: db.m5.large
+  engine: oracle
+  vpc:
+    name: rdstests
+  creation_style: new_snapshot
+  source:
+    name: oracle-base
+- name: oracle-point-in-time
+  size: db.m5.large
+  engine: oracle
+  vpc:
+    name: rdstests
+  creation_style: point_in_time
+  source:
+    name: oracle-base
+
+- name: sqlserver-base
+  size: db.t3.small
+  engine: sqlserver-ex
+  vpc:
+    name: rdstests
+- name: sqlserver-from-snap
+  size: db.t3.small
+  engine: sqlserver-ex
+  vpc:
+    name: rdstests
+  creation_style: new_snapshot
+  source:
+    name: sqlserver-base
+- name: sqlserver-point-in-time
+  size: db.t3.small
+  engine: sqlserver-ex
+  vpc:
+    name: rdstests
+  creation_style: point_in_time
+  source:
+    name: sqlserver-base

data/modules/tests/server-with-scrub-muisms.yaml

@@ -10,9 +10,10 @@ servers:
 - name: <%= name %>
   groomer: Ansible
   platform: centos7
+  ssh_user: centos
   cloud: <%= cloud %>
 <% if cloud == "AWS" %>
-  size: t2.medium
+  size: t3.medium
 <% elsif cloud == "Azure" %>
   size: Standard_DS1_v2
 <% elsif cloud == "Google" %>

data/modules/tests/super_complex_bok.yml

@@ -9,9 +9,9 @@ parameters:
   - name: vpc_name
     required: false
   - name: instance_type
-    default: t2.medium
+    default: t3.medium
   - name: db_size
-    default: db.t2.small
+    default: db.t3.small
   - name: vpc_name
     default: superBoK_VPC
   - name: logs_name

data/modules/tests/super_simple_bok.yml

@@ -4,13 +4,13 @@
 appname: smoketest
 parameters:
   - name: complexity
-    default: complex
+    default: simple
   - name: vpc_name
     required: false
   - name: instance_type
-    default: t2.medium
+    default: t3.medium
   - name: db_size
-    default: db.t2.small
+    default: db.t3.small
   - name: vpc_name
     default: superBoK_VPC
   - name: logs_name
@@ -20,8 +20,6 @@ parameters:
   - name: server_pools_name
     default: superBoK_ServerPool
 
-<% $complexity = 'complex' %>
-
 vpcs:
 -
   <%= include("../mu/config/vpc.yml") %>

data/modules/tests/win2k12.yaml

@@ -1,13 +1,25 @@
-# Windows Server 2012 R2
+# Windows Server tests
+# clouds: AWS, Google
 ---
 appname: smoketest
 us_only: true
 vpcs:
-- name: win2k12
+- name: windows
+  cloud: <%= cloud %>
 servers:
 - name: win2k12
   platform: win2k12
-  size: m3.large
+  cloud: <%= cloud %>
+<% if cloud == "AWS" %>
+  size: m4.large
+<% elsif cloud == "Azure" %>
+  size: Standard_DS1_v2
+<% elsif cloud == "Google" %>
+  size: n1-standard-2
+<% end %>
   vpc:
-    name: win2k12
-    subnet_pref: private
+    name: windows
+    subnet_pref: public
+  associate_public_ip: true
+  static_ip:
+    assign_ip: true

data/modules/tests/win2k16.yaml

@@ -0,0 +1,25 @@
+# Windows Server tests
+# clouds: AWS, Google
+---
+appname: smoketest
+us_only: true
+vpcs:
+- name: windows
+  cloud: <%= cloud %>
+servers:
+- name: win2k16
+  platform: win2k16
+  cloud: <%= cloud %>
+<% if cloud == "AWS" %>
+  size: m4.large
+<% elsif cloud == "Azure" %>
+  size: Standard_DS1_v2
+<% elsif cloud == "Google" %>
+  size: n1-standard-2
+<% end %>
+  vpc:
+    name: windows
+    subnet_pref: public
+  associate_public_ip: true
+  static_ip:
+    assign_ip: true