2020-01-03 22:16:39 +00:00
|
|
|
// Copyright 2016-2020, Pulumi Corporation. All rights reserved.
|
|
|
|
|
|
|
|
package ints
|
|
|
|
|
|
|
|
import (
|
2020-01-16 20:04:51 +00:00
|
|
|
"encoding/json"
|
2020-01-03 22:16:39 +00:00
|
|
|
"fmt"
|
|
|
|
"os"
|
|
|
|
"strings"
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
2021-03-17 13:20:05 +00:00
|
|
|
ptesting "github.com/pulumi/pulumi/sdk/v3/go/common/testing"
|
2020-01-03 22:16:39 +00:00
|
|
|
)
|
|
|
|
|
2020-03-24 20:30:36 +00:00
|
|
|
// TestPolicyWithConfig runs integration tests against the policy pack in the policy_pack_w_config
|
|
|
|
// directory using version 0.4.1-dev of the pulumi/policy sdk.
|
2022-09-14 02:12:02 +00:00
|
|
|
//
|
2022-03-04 08:17:41 +00:00
|
|
|
//nolint:paralleltest // mutates environment variables
|
2020-03-24 20:30:36 +00:00
|
|
|
func TestPolicyWithConfig(t *testing.T) {
|
2020-04-02 22:45:00 +00:00
|
|
|
t.Skip("Skip test that is causing unrelated tests to fail - pulumi/pulumi#4149")
|
|
|
|
|
2020-03-24 20:30:36 +00:00
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
// Confirm we have credentials.
|
|
|
|
if os.Getenv("PULUMI_ACCESS_TOKEN") == "" {
|
|
|
|
t.Fatal("PULUMI_ACCESS_TOKEN not found, aborting tests.")
|
|
|
|
}
|
2020-03-21 19:37:42 +00:00
|
|
|
|
2020-03-24 20:30:36 +00:00
|
|
|
name, _ := e.RunCommand("pulumi", "whoami")
|
|
|
|
orgName := strings.TrimSpace(name)
|
|
|
|
// Pack and push a Policy Pack for the organization.
|
|
|
|
policyPackName := fmt.Sprintf("%s-%x", "test-policy-pack", time.Now().UnixNano())
|
|
|
|
e.ImportDirectory("policy_pack_w_config")
|
|
|
|
e.RunCommand("yarn", "install")
|
2022-07-24 09:41:44 +00:00
|
|
|
t.Setenv("TEST_POLICY_PACK", policyPackName)
|
2020-03-24 20:30:36 +00:00
|
|
|
|
|
|
|
// Publish the Policy Pack twice.
|
|
|
|
publishPolicyPackWithVersion(e, orgName, `"0.0.1"`)
|
|
|
|
publishPolicyPackWithVersion(e, orgName, `"0.0.2"`)
|
|
|
|
|
|
|
|
// Check the policy ls commands.
|
|
|
|
packsOutput, _ := e.RunCommand("pulumi", "policy", "ls", "--json")
|
|
|
|
var packs []policyPacksJSON
|
|
|
|
assertJSON(e, packsOutput, &packs)
|
|
|
|
|
|
|
|
groupsOutput, _ := e.RunCommand("pulumi", "policy", "group", "ls", "--json")
|
|
|
|
var groups []policyGroupsJSON
|
|
|
|
assertJSON(e, groupsOutput, &groups)
|
|
|
|
|
|
|
|
// Enable, Disable and then Delete the Policy Pack.
|
|
|
|
e.RunCommand("pulumi", "policy", "enable", fmt.Sprintf("%s/%s", orgName, policyPackName), "0.0.1")
|
|
|
|
|
2020-03-27 16:54:26 +00:00
|
|
|
// Validate Policy Pack Configuration.
|
|
|
|
e.RunCommand("pulumi", "policy", "validate-config", fmt.Sprintf("%s/%s", orgName, policyPackName),
|
|
|
|
"--config=configs/valid-config.json", "0.0.1")
|
|
|
|
// Valid config, but no version specified.
|
|
|
|
e.RunCommandExpectError("pulumi", "policy", "validate-config", fmt.Sprintf("%s/%s", orgName, policyPackName),
|
|
|
|
"--config=configs/config.json")
|
|
|
|
// Invalid configs
|
|
|
|
e.RunCommandExpectError("pulumi", "policy", "validate-config", fmt.Sprintf("%s/%s", orgName, policyPackName),
|
|
|
|
"--config=configs/invalid-config.json", "0.0.1")
|
|
|
|
// Invalid - missing required property.
|
|
|
|
e.RunCommandExpectError("pulumi", "policy", "validate-config", fmt.Sprintf("%s/%s", orgName, policyPackName),
|
|
|
|
"--config=configs/invalid-required-prop.json", "0.0.1")
|
|
|
|
// Required config flag not present.
|
|
|
|
e.RunCommandExpectError("pulumi", "policy", "validate-config", fmt.Sprintf("%s/%s", orgName, policyPackName))
|
|
|
|
e.RunCommandExpectError("pulumi", "policy", "validate-config", fmt.Sprintf("%s/%s", orgName, policyPackName),
|
|
|
|
"--config", "0.0.1")
|
|
|
|
|
2020-03-24 20:30:36 +00:00
|
|
|
// Enable Policy Pack with Configuration.
|
|
|
|
e.RunCommand("pulumi", "policy", "enable", fmt.Sprintf("%s/%s", orgName, policyPackName),
|
|
|
|
"--config=configs/valid-config.json", "0.0.1")
|
|
|
|
e.RunCommandExpectError("pulumi", "policy", "enable", fmt.Sprintf("%s/%s", orgName, policyPackName),
|
|
|
|
"--config=configs/invalid-config.json", "0.0.1")
|
|
|
|
|
|
|
|
// Disable Policy Pack specifying version.
|
|
|
|
e.RunCommand("pulumi", "policy", "disable", fmt.Sprintf("%s/%s", orgName, policyPackName), "--version=0.0.1")
|
|
|
|
|
|
|
|
// Enable and Disable without specifying the version number.
|
|
|
|
e.RunCommand("pulumi", "policy", "enable", fmt.Sprintf("%s/%s", orgName, policyPackName), "latest")
|
|
|
|
e.RunCommand("pulumi", "policy", "disable", fmt.Sprintf("%s/%s", orgName, policyPackName))
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "policy", "rm", fmt.Sprintf("%s/%s", orgName, policyPackName), "0.0.1")
|
|
|
|
e.RunCommand("pulumi", "policy", "rm", fmt.Sprintf("%s/%s", orgName, policyPackName), "all")
|
|
|
|
}
|
|
|
|
|
|
|
|
// TestPolicyWithoutConfig runs integration tests against the policy pack in the policy_pack_w_config
|
2020-03-30 00:55:08 +00:00
|
|
|
// directory. This tests against version 0.4.0 of the pulumi/policy sdk, prior to policy config being supported.
|
2022-09-14 02:12:02 +00:00
|
|
|
//
|
2022-03-04 08:17:41 +00:00
|
|
|
//nolint:paralleltest // mutates environment variables
|
2020-03-24 20:30:36 +00:00
|
|
|
func TestPolicyWithoutConfig(t *testing.T) {
|
2020-04-02 22:45:00 +00:00
|
|
|
t.Skip("Skip test that is causing unrelated tests to fail - pulumi/pulumi#4149")
|
|
|
|
|
2020-01-03 22:16:39 +00:00
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
// Confirm we have credentials.
|
|
|
|
if os.Getenv("PULUMI_ACCESS_TOKEN") == "" {
|
|
|
|
t.Fatal("PULUMI_ACCESS_TOKEN not found, aborting tests.")
|
|
|
|
}
|
|
|
|
|
|
|
|
name, _ := e.RunCommand("pulumi", "whoami")
|
|
|
|
orgName := strings.TrimSpace(name)
|
|
|
|
|
|
|
|
// Pack and push a Policy Pack for the organization.
|
|
|
|
policyPackName := fmt.Sprintf("%s-%x", "test-policy-pack", time.Now().UnixNano())
|
2020-03-24 20:30:36 +00:00
|
|
|
e.ImportDirectory("policy_pack_wo_config")
|
2020-01-03 22:16:39 +00:00
|
|
|
e.RunCommand("yarn", "install")
|
2022-07-24 09:41:44 +00:00
|
|
|
t.Setenv("TEST_POLICY_PACK", policyPackName)
|
2020-01-27 18:35:34 +00:00
|
|
|
|
|
|
|
// Publish the Policy Pack twice.
|
|
|
|
e.RunCommand("pulumi", "policy", "publish", orgName)
|
2020-01-03 22:16:39 +00:00
|
|
|
e.RunCommand("pulumi", "policy", "publish", orgName)
|
|
|
|
|
2020-01-16 20:04:51 +00:00
|
|
|
// Check the policy ls commands.
|
|
|
|
packsOutput, _ := e.RunCommand("pulumi", "policy", "ls", "--json")
|
|
|
|
var packs []policyPacksJSON
|
|
|
|
assertJSON(e, packsOutput, &packs)
|
|
|
|
|
|
|
|
groupsOutput, _ := e.RunCommand("pulumi", "policy", "group", "ls", "--json")
|
|
|
|
var groups []policyGroupsJSON
|
|
|
|
assertJSON(e, groupsOutput, &groups)
|
|
|
|
|
2020-01-03 22:16:39 +00:00
|
|
|
// Enable, Disable and then Delete the Policy Pack.
|
|
|
|
e.RunCommand("pulumi", "policy", "enable", fmt.Sprintf("%s/%s", orgName, policyPackName), "1")
|
2020-01-22 23:17:00 +00:00
|
|
|
e.RunCommand("pulumi", "policy", "disable", fmt.Sprintf("%s/%s", orgName, policyPackName), "--version=1")
|
|
|
|
|
|
|
|
// Enable and Disable without specifying the version number.
|
2020-01-27 18:35:34 +00:00
|
|
|
e.RunCommand("pulumi", "policy", "enable", fmt.Sprintf("%s/%s", orgName, policyPackName), "latest")
|
2020-01-22 23:17:00 +00:00
|
|
|
e.RunCommand("pulumi", "policy", "disable", fmt.Sprintf("%s/%s", orgName, policyPackName))
|
|
|
|
|
2020-01-03 22:16:39 +00:00
|
|
|
e.RunCommand("pulumi", "policy", "rm", fmt.Sprintf("%s/%s", orgName, policyPackName), "1")
|
2020-01-27 18:35:34 +00:00
|
|
|
e.RunCommand("pulumi", "policy", "rm", fmt.Sprintf("%s/%s", orgName, policyPackName), "all")
|
2020-01-03 22:16:39 +00:00
|
|
|
}
|
2020-01-16 20:04:51 +00:00
|
|
|
|
|
|
|
type policyPacksJSON struct {
|
2020-02-25 01:11:56 +00:00
|
|
|
Name string `json:"name"`
|
|
|
|
Versions []string `json:"versions"`
|
2020-01-16 20:04:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type policyGroupsJSON struct {
|
|
|
|
Name string `json:"name"`
|
|
|
|
Default bool `json:"default"`
|
|
|
|
NumPolicyPacks int `json:"numPolicyPacks"`
|
|
|
|
NumStacks int `json:"numStacks"`
|
|
|
|
}
|
|
|
|
|
2023-01-11 16:02:24 +00:00
|
|
|
//nolint:unused // Used by skipped test
|
2020-01-16 20:04:51 +00:00
|
|
|
func assertJSON(e *ptesting.Environment, out string, respObj interface{}) {
|
|
|
|
err := json.Unmarshal([]byte(out), &respObj)
|
|
|
|
if err != nil {
|
|
|
|
e.Errorf("unable to unmarshal %v", out)
|
|
|
|
}
|
|
|
|
}
|
2020-03-24 20:30:36 +00:00
|
|
|
|
|
|
|
// publishPolicyPackWithVersion updates the version in package.json so we can
|
|
|
|
// dynamically publish different versions for testing.
|
2023-01-11 16:02:24 +00:00
|
|
|
//
|
|
|
|
//nolint:unused // Used by skipped test
|
2020-03-24 20:30:36 +00:00
|
|
|
func publishPolicyPackWithVersion(e *ptesting.Environment, orgName, version string) {
|
|
|
|
cmd := fmt.Sprintf(`sed 's/{ policyVersion }/%s/g' package.json.tmpl | tee package.json`, version)
|
|
|
|
e.RunCommand("bash", "-c", cmd)
|
|
|
|
e.RunCommand("pulumi", "policy", "publish", orgName)
|
|
|
|
}
|