Merge pull request #4 from theonestack/feature/cognito_support
Feature/cognito support
Guslington authored Mar 30, 2023
2 parents e7ee320 + 9aa17c9 commit d6448a4
Showing 15 changed files with 2,292 additions and 953 deletions.
23 changes: 3 additions & 20 deletions .github/workflows/rspec.yaml
Expand Up @@ -3,23 +3,6 @@ name: cftest
on: [push, pull_request]

jobs:
test:
name: test
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- name: set up ruby 2.7
uses: actions/setup-ruby@v1
with:
ruby-version: 2.7.x
- name: install gems
run: gem install cfhighlander rspec
- name: set cfndsl spec
run: cfndsl -u
- name: cftest
run: rspec
env:
AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ap-southeast-2
rspec:
uses: theonestack/shared-workflows/.github/workflows/rspec.yaml@main
secrets: inherit
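Review bot: The new `rspec` job calls the reusable workflow at the mutable ref `@main` and hands it every repository secret through `secrets: inherit`, so whatever lands on that branch of `theonestack/shared-workflows` runs with this repository's credentials on each `push` and `pull_request`. The `test` job it replaces appears to have exposed only `AWS_ACCESS_KEY` and `AWS_SECRET_ACCESS_KEY` to a single step. Pin the reference to a reviewed commit, `uses: theonestack/shared-workflows/.github/workflows/rspec.yaml@<full-commit-sha>`, and replace `secrets: inherit` with an explicit `secrets:` map of just those two values. The secret names the called workflow declares are not visible on this page, so confirm them there.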
4 changes: 4 additions & 0 deletions fargate-v2.cfhighlander.rb
Expand Up @@ -2,6 +2,7 @@

DependsOn 'lib-iam@0.2.0'
DependsOn 'lib-ec2@0.1.0'
DependsOn 'lib-alb'

Parameters do
ComponentParam 'EnvironmentName', 'dev', isGlobal: true
Expand All @@ -11,6 +12,9 @@
ComponentParam 'SubnetIds', type: 'CommaDelimitedList'

ComponentParam 'EcsCluster'
ComponentParam 'UserPoolId', ''
ComponentParam 'UserPoolClientId', ''
ComponentParam 'UserPoolDomainName', ''

if defined? targetgroup
ComponentParam 'DnsDomain', isGlobal: true
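Review bot: `DependsOn 'lib-alb'` is added without a version, while the two lines above it pin `lib-iam@0.2.0` and `lib-ec2@0.1.0`. An unpinned library presumably resolves to whatever that component currently publishes, and it presumably supplies the `cognito` helper that builds the authentication action in `fargate-v2.cfndsl.rb`, so a later change to it could alter the listener rule without any change in this repository. Pin it the same way, `DependsOn 'lib-alb@<version>'`, using the release this change was tested against.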
7 changes: 6 additions & 1 deletion fargate-v2.cfndsl.rb
Expand Up @@ -39,6 +39,8 @@
end
end

Condition(:EnableCognito, FnNot(FnEquals(Ref(:UserPoolClientId), '')))

service_loadbalancer = []
targetgroups = external_parameters.fetch(:targetgroup, {})
multiplie_target_groups = targetgroups.is_a?(Array)
Expand Down Expand Up @@ -131,8 +133,11 @@
end
end

actions = [{ Type: "forward", Order: 5000, TargetGroupArn: Ref(targetgroup['resource_name'])}]
actions_with_cognito = actions + [cognito(Ref(:UserPoolId), Ref(:UserPoolClientId), Ref(:UserPoolDomainName))]

ElasticLoadBalancingV2_ListenerRule(rule_name) do
Actions [{ Type: "forward", TargetGroupArn: Ref(targetgroup['resource_name']) }]
Actions FnIf(:EnableCognito, actions_with_cognito, actions)
Conditions listener_conditions
ListenerArn Ref(targetgroup['listener_resource'])
Priority rule['priority']
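Review bot: `EnableCognito` is driven by `UserPoolClientId` alone, so the three Cognito parameters can disagree without anything in the template saying so: with the client id left empty the rule is forward-only and unauthenticated even if the pool and domain are set, and with only the client id set the `authenticate-cognito` action is emitted with empty pool and domain values. The expectation added in `spec/alb_spec.rb` also shows `Ref(:UserPoolId)` ending up under `UserPoolArn`, so the parameter has to carry the pool ARN despite its name. I would state both above the condition, e.g. `# Cognito auth is on only when UserPoolClientId is set; UserPoolId (the user pool ARN) and UserPoolDomainName must be supplied with it.` The listener-rule loop this hunk sits in starts and ends outside the visible lines.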
241 changes: 204 additions & 37 deletions spec/alb_spec.rb
@@ -1,63 +1,230 @@
require 'yaml'

describe 'compiled component' do
describe 'compiled component fargate-v2' do

context 'cftest' do
it 'compiles test' do
expect(system("cfhighlander cftest #{@validate} --tests tests/alb.test.yaml")).to be_truthy
end
end

let(:template) { YAML.load_file("#{File.dirname(__FILE__)}/../out/tests/alb/fargate-v2.compiled.yaml") }

context "Resource" do

context 'Resource TargetGroup' do

let(:properties) { template["Resources"]["TaskTargetGroup"]["Properties"] }
context "SecurityGroup" do
let(:resource) { template["Resources"]["SecurityGroup"] }

it 'has property Properties' do
expect(properties).to include({
"Port"=>80,
"Protocol"=>"HTTP",
"TargetType"=>"ip",
"VpcId"=>{"Ref"=>"VPCId"}
})
it "is of type AWS::EC2::SecurityGroup" do
expect(resource["Type"]).to eq("AWS::EC2::SecurityGroup")
end

it "to have property VpcId" do
expect(resource["Properties"]["VpcId"]).to eq({"Ref"=>"VPCId"})
end

it "to have property GroupDescription" do
expect(resource["Properties"]["GroupDescription"]).to eq("fargate-v2 fargate service")
end

end

context "TaskTargetGroup" do
let(:resource) { template["Resources"]["TaskTargetGroup"] }

end

context 'Resource TargetRule' do

let(:properties) { template["Resources"]["TargetRule10"]["Properties"] }
it "is of type AWS::ElasticLoadBalancingV2::TargetGroup" do
expect(resource["Type"]).to eq("AWS::ElasticLoadBalancingV2::TargetGroup")
end

it "to have property Port" do
expect(resource["Properties"]["Port"]).to eq(80)
end

it "to have property Protocol" do
expect(resource["Properties"]["Protocol"]).to eq("HTTP")
end

it "to have property VpcId" do
expect(resource["Properties"]["VpcId"]).to eq({"Ref"=>"VPCId"})
end

it "to have property TargetType" do
expect(resource["Properties"]["TargetType"]).to eq("ip")
end

it "to have property Tags" do
expect(resource["Properties"]["Tags"]).to eq([{"Key"=>"Environment", "Value"=>{"Ref"=>"EnvironmentName"}}, {"Key"=>"EnvironmentType", "Value"=>{"Ref"=>"EnvironmentType"}}])
end

end

context "TargetRule10" do
let(:resource) { template["Resources"]["TargetRule10"] }

it 'has property Properties' do
expect(properties).to eq({
"Actions"=>[{"TargetGroupArn"=>{"Ref"=>"TaskTargetGroup"}, "Type"=>"forward"}],
"Conditions"=>[{"Field"=>"host-header", "Values"=>["www.*"]}],
"ListenerArn"=>{"Ref"=>"Listener"},
"Priority"=>10
})
it "is of type AWS::ElasticLoadBalancingV2::ListenerRule" do
expect(resource["Type"]).to eq("AWS::ElasticLoadBalancingV2::ListenerRule")
end

it "to have property Actions" do
expect(resource["Properties"]["Actions"]).to eq({"Fn::If"=>["EnableCognito", [{"Type"=>"forward", "Order"=>5000, "TargetGroupArn"=>{"Ref"=>"TaskTargetGroup"}}, {"Type"=>"authenticate-cognito", "Order"=>1, "AuthenticateCognitoConfig"=>{"UserPoolArn"=>{"Ref"=>"UserPoolId"}, "UserPoolClientId"=>{"Ref"=>"UserPoolClientId"}, "UserPoolDomain"=>{"Ref"=>"UserPoolDomainName"}}}], [{"Type"=>"forward", "Order"=>5000, "TargetGroupArn"=>{"Ref"=>"TaskTargetGroup"}}]]})
end

it "to have property Conditions" do
expect(resource["Properties"]["Conditions"]).to eq([{"Field"=>"host-header", "Values"=>["www.*"]}])
end

it "to have property ListenerArn" do
expect(resource["Properties"]["ListenerArn"]).to eq({"Ref"=>"Listener"})
end

it "to have property Priority" do
expect(resource["Properties"]["Priority"]).to eq(10)
end

end

context "EcsFargateService" do
let(:resource) { template["Resources"]["EcsFargateService"] }

end
it "is of type AWS::ECS::Service" do
expect(resource["Type"]).to eq("AWS::ECS::Service")
end

it "to have property Cluster" do
expect(resource["Properties"]["Cluster"]).to eq({"Ref"=>"EcsCluster"})
end

it "to have property DesiredCount" do
expect(resource["Properties"]["DesiredCount"]).to eq({"Ref"=>"DesiredCount"})
end

it "to have property DeploymentConfiguration" do
expect(resource["Properties"]["DeploymentConfiguration"]).to eq({"MinimumHealthyPercent"=>{"Ref"=>"MinimumHealthyPercent"}, "MaximumPercent"=>{"Ref"=>"MaximumPercent"}})
end

it "to have property EnableExecuteCommand" do
expect(resource["Properties"]["EnableExecuteCommand"]).to eq(false)
end

it "to have property TaskDefinition" do
expect(resource["Properties"]["TaskDefinition"]).to eq({"Ref"=>"Task"})
end

it "to have property LaunchType" do
expect(resource["Properties"]["LaunchType"]).to eq("FARGATE")
end

it "to have property LoadBalancers" do
expect(resource["Properties"]["LoadBalancers"]).to eq([{"ContainerName"=>"nginx", "ContainerPort"=>80, "TargetGroupArn"=>{"Ref"=>"TaskTargetGroup"}}])
end

it "to have property NetworkConfiguration" do
expect(resource["Properties"]["NetworkConfiguration"]).to eq({"AwsvpcConfiguration"=>{"AssignPublicIp"=>"DISABLED", "SecurityGroups"=>[{"Ref"=>"SecurityGroup"}], "Subnets"=>{"Ref"=>"SubnetIds"}}})
end

end

context "LogGroup" do
let(:resource) { template["Resources"]["LogGroup"] }

context 'check template parameters' do
it "is of type AWS::Logs::LogGroup" do
expect(resource["Type"]).to eq("AWS::Logs::LogGroup")
end

it "to have property LogGroupName" do
expect(resource["Properties"]["LogGroupName"]).to eq({"Ref"=>"AWS::StackName"})
end

it "to have property RetentionInDays" do
expect(resource["Properties"]["RetentionInDays"]).to eq("7")
end

end

let(:parameters) { template["Parameters"] }
context "TaskRole" do
let(:resource) { template["Resources"]["TaskRole"] }

it 'has load balancer params' do
expect(parameters).to include({
"LoadBalancer" => {"Default"=>"", "NoEcho"=>false, "Type"=>"String"},
"DnsDomain" => {"Default"=>"", "NoEcho"=>false, "Type"=>"String"},
"Listener" => {"Default"=>"", "NoEcho"=>false, "Type"=>"String"}
})
it "is of type AWS::IAM::Role" do
expect(resource["Type"]).to eq("AWS::IAM::Role")
end

it "to have property AssumeRolePolicyDocument" do
expect(resource["Properties"]["AssumeRolePolicyDocument"]).to eq({"Version"=>"2012-10-17", "Statement"=>[{"Effect"=>"Allow", "Principal"=>{"Service"=>"ecs-tasks.amazonaws.com"}, "Action"=>"sts:AssumeRole"}, {"Effect"=>"Allow", "Principal"=>{"Service"=>"ssm.amazonaws.com"}, "Action"=>"sts:AssumeRole"}]})
end

it "to have property Path" do
expect(resource["Properties"]["Path"]).to eq("/")
end

it "to have property Policies" do
expect(resource["Properties"]["Policies"]).to eq([{"PolicyName"=>"fargate_default_policy", "PolicyDocument"=>{"Statement"=>[{"Sid"=>"fargatedefaultpolicy", "Action"=>["logs:GetLogEvents"], "Resource"=>[{"Fn::GetAtt"=>["LogGroup", "Arn"]}], "Effect"=>"Allow"}]}}])
end

end

context "ExecutionRole" do
let(:resource) { template["Resources"]["ExecutionRole"] }

it 'dose not have target group params' do
expect(parameters).not_to include({
"TargetGroup" => {"Default"=>"", "NoEcho"=>false, "Type"=>"String"}
})
it "is of type AWS::IAM::Role" do
expect(resource["Type"]).to eq("AWS::IAM::Role")
end

it "to have property AssumeRolePolicyDocument" do
expect(resource["Properties"]["AssumeRolePolicyDocument"]).to eq({"Version"=>"2012-10-17", "Statement"=>[{"Effect"=>"Allow", "Principal"=>{"Service"=>"ecs-tasks.amazonaws.com"}, "Action"=>"sts:AssumeRole"}, {"Effect"=>"Allow", "Principal"=>{"Service"=>"ssm.amazonaws.com"}, "Action"=>"sts:AssumeRole"}]})
end

it "to have property Path" do
expect(resource["Properties"]["Path"]).to eq("/")
end

it "to have property ManagedPolicyArns" do
expect(resource["Properties"]["ManagedPolicyArns"]).to eq(["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"])
end

end

context "Task" do
let(:resource) { template["Resources"]["Task"] }

it "is of type AWS::ECS::TaskDefinition" do
expect(resource["Type"]).to eq("AWS::ECS::TaskDefinition")
end

it "to have property ContainerDefinitions" do
expect(resource["Properties"]["ContainerDefinitions"]).to eq([{"Name"=>"proxy", "Image"=>{"Fn::Join"=>["", ["", "nginx", ":", "latest"]]}, "LogConfiguration"=>{"LogDriver"=>"awslogs", "Options"=>{"awslogs-group"=>{"Ref"=>"LogGroup"}, "awslogs-region"=>{"Ref"=>"AWS::Region"}, "awslogs-stream-prefix"=>"proxy"}}, "PortMappings"=>[{"ContainerPort"=>80}]}])
end

it "to have property RequiresCompatibilities" do
expect(resource["Properties"]["RequiresCompatibilities"]).to eq(["FARGATE"])
end

it "to have property Cpu" do
expect(resource["Properties"]["Cpu"]).to eq(256)
end

it "to have property Memory" do
expect(resource["Properties"]["Memory"]).to eq(512)
end

it "to have property NetworkMode" do
expect(resource["Properties"]["NetworkMode"]).to eq("awsvpc")
end

it "to have property TaskRoleArn" do
expect(resource["Properties"]["TaskRoleArn"]).to eq({"Ref"=>"TaskRole"})
end

it "to have property ExecutionRoleArn" do
expect(resource["Properties"]["ExecutionRoleArn"]).to eq({"Ref"=>"ExecutionRole"})
end

it "to have property Tags" do
expect(resource["Properties"]["Tags"]).to eq([{"Key"=>"Name", "Value"=>"fargatev2Task"}, {"Key"=>"Environment", "Value"=>{"Ref"=>"EnvironmentName"}}, {"Key"=>"EnvironmentType", "Value"=>{"Ref"=>"EnvironmentType"}}])
end

end

end

end
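Review bot: Nothing in the rewritten spec asserts the `EnableCognito` condition or the three new `UserPool*` parameters, and the earlier `check template parameters` examples appear to have been dropped in the rewrite. The `Actions` example only pins the `Fn::If` shape by condition name, so a change to the condition that leaves the rule forward-only would still pass. Add an example on the condition itself, along the lines of `expect(template["Conditions"]["EnableCognito"]).to eq({"Fn::Not"=>[{"Fn::Equals"=>[{"Ref"=>"UserPoolClientId"}, ""]}]})` (assuming it compiles to that form), and one checking that the three parameters default to an empty string.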