network and security tests are working
chrislovecnm committed Oct 26, 2017
1 parent dc338c4 commit 0dc7a6e
Showing 3 changed files with 212 additions and 10 deletions.
12 changes: 2 additions & 10 deletions cmd/kops/integration_test.go
Expand Up @@ -135,7 +135,6 @@ func TestSharedVPC(t *testing.T) {

// TestPhaseNetwork tests the output of tf for the network phase
func TestPhaseNetwork(t *testing.T) {
t.Skip("unable to pass test w/o removing elb stuff")
runTestPhase(t, "privateweave.example.com", "lifecycle_phases", "v1alpha2", true, 1, cloudup.PhaseNetwork)
}

Expand All @@ -151,13 +150,6 @@ func TestPhaseCluster(t *testing.T) {
runTestPhase(t, "privateweave.example.com", "lifecycle_phases", "v1alpha2", true, 1, cloudup.PhaseCluster)
}

// TestPhaseCluster tests the output of tf for the loadbalancer phase
func TestPhaseLoadBalancers(t *testing.T) {
t.Skip("unable to test until phase is created")
// TODO
// runTestPhase(t, "privateweave.example.com", "lifecycle_phases", "v1alpha2", true, 1, cloudup.LoadBalancers)
}

func runTest(t *testing.T, h *testutils.IntegrationTestHarness, clusterName string, srcDir string, version string, private bool, zones int, expectedFilenames []string, tfFileName string, phase *cloudup.Phase) {
var stdout bytes.Buffer

Expand Down Expand Up @@ -257,8 +249,8 @@ func runTest(t *testing.T, h *testutils.IntegrationTestHarness, clusterName stri
}
}

// Compare data files
{
// Compare data files if they are provided
if len(expectedFilenames) > 0 {
files, err := ioutil.ReadDir(path.Join(h.TempDir, "out", "data"))
if err != nil {
t.Fatalf("failed to read data dir: %v", err)
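Review bot: The new `if len(expectedFilenames) > 0` guard in runTest turns an empty expectation into "skip the data-file check" rather than "assert that nothing was written", so a phase that unexpectedly emits files under `out/data` (key material, for instance) now passes silently. If the intent is only to let callers opt out, make that explicit with a nil check and keep the exact comparison for an empty-but-non-nil slice, e.g. `// nil means the caller does not check data files; an empty slice asserts there are none` followed by `if expectedFilenames != nil {`. runTest's body continues outside this section, so I cannot see whether any caller relies on the current empty-means-skip behaviour. Removing the TestPhaseLoadBalancers stub also leaves the loadbalancer phase with no coverage at all; a tracking TODO next to TestPhaseCluster would keep that visible.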
Expand Up @@ -81,6 +81,7 @@ resource "aws_subnet" "us-test-1a-privateweave-example-com" {
KubernetesCluster = "privateweave.example.com"
Name = "us-test-1a.privateweave.example.com"
"kubernetes.io/cluster/privateweave.example.com" = "owned"
"kubernetes.io/role/internal-elb" = "1"
}
}

Expand All @@ -93,6 +94,7 @@ resource "aws_subnet" "utility-us-test-1a-privateweave-example-com" {
KubernetesCluster = "privateweave.example.com"
Name = "utility-us-test-1a.privateweave.example.com"
"kubernetes.io/cluster/privateweave.example.com" = "owned"
"kubernetes.io/role/elb" = "1"
}
}

Expand Up @@ -87,6 +87,214 @@ resource "aws_key_pair" "kubernetes-privateweave-example-com-c4a6ed9aa889b9e2c39
public_key = "${file("${path.module}/data/aws_key_pair_kubernetes.privateweave.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key")}"
}

resource "aws_security_group" "api-elb-privateweave-example-com" {
name = "api-elb.privateweave.example.com"
vpc_id = "${aws_vpc.privateweave-example-com.id}"
description = "Security group for api ELB"

tags = {
KubernetesCluster = "privateweave.example.com"
Name = "api-elb.privateweave.example.com"
}
}

resource "aws_security_group" "bastion-elb-privateweave-example-com" {
name = "bastion-elb.privateweave.example.com"
vpc_id = "${aws_vpc.privateweave-example-com.id}"
description = "Security group for bastion ELB"

tags = {
KubernetesCluster = "privateweave.example.com"
Name = "bastion-elb.privateweave.example.com"
}
}

resource "aws_security_group" "bastion-privateweave-example-com" {
name = "bastion.privateweave.example.com"
vpc_id = "${aws_vpc.privateweave-example-com.id}"
description = "Security group for bastion"

tags = {
KubernetesCluster = "privateweave.example.com"
Name = "bastion.privateweave.example.com"
}
}

resource "aws_security_group" "masters-privateweave-example-com" {
name = "masters.privateweave.example.com"
vpc_id = "${aws_vpc.privateweave-example-com.id}"
description = "Security group for masters"

tags = {
KubernetesCluster = "privateweave.example.com"
Name = "masters.privateweave.example.com"
}
}

resource "aws_security_group" "nodes-privateweave-example-com" {
name = "nodes.privateweave.example.com"
vpc_id = "${aws_vpc.privateweave-example-com.id}"
description = "Security group for nodes"

tags = {
KubernetesCluster = "privateweave.example.com"
Name = "nodes.privateweave.example.com"
}
}

resource "aws_security_group_rule" "all-master-to-master" {
type = "ingress"
security_group_id = "${aws_security_group.masters-privateweave-example-com.id}"
source_security_group_id = "${aws_security_group.masters-privateweave-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
}

resource "aws_security_group_rule" "all-master-to-node" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}"
source_security_group_id = "${aws_security_group.masters-privateweave-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
}

resource "aws_security_group_rule" "all-node-to-node" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
}

resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
security_group_id = "${aws_security_group.api-elb-privateweave-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "bastion-egress" {
type = "egress"
security_group_id = "${aws_security_group.bastion-privateweave-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
security_group_id = "${aws_security_group.bastion-elb-privateweave-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
security_group_id = "${aws_security_group.masters-privateweave-example-com.id}"
source_security_group_id = "${aws_security_group.bastion-privateweave-example-com.id}"
from_port = 22
to_port = 22
protocol = "tcp"
}

resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}"
source_security_group_id = "${aws_security_group.bastion-privateweave-example-com.id}"
from_port = 22
to_port = 22
protocol = "tcp"
}

resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.api-elb-privateweave-example-com.id}"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "https-elb-to-master" {
type = "ingress"
security_group_id = "${aws_security_group.masters-privateweave-example-com.id}"
source_security_group_id = "${aws_security_group.api-elb-privateweave-example-com.id}"
from_port = 443
to_port = 443
protocol = "tcp"
}

resource "aws_security_group_rule" "master-egress" {
type = "egress"
security_group_id = "${aws_security_group.masters-privateweave-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "node-egress" {
type = "egress"
security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "node-to-master-tcp-1-4000" {
type = "ingress"
security_group_id = "${aws_security_group.masters-privateweave-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}"
from_port = 1
to_port = 4000
protocol = "tcp"
}

resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
type = "ingress"
security_group_id = "${aws_security_group.masters-privateweave-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}"
from_port = 4003
to_port = 65535
protocol = "tcp"
}

resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
type = "ingress"
security_group_id = "${aws_security_group.masters-privateweave-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-privateweave-example-com.id}"
from_port = 1
to_port = 65535
protocol = "udp"
}

resource "aws_security_group_rule" "ssh-elb-to-bastion" {
type = "ingress"
security_group_id = "${aws_security_group.bastion-privateweave-example-com.id}"
source_security_group_id = "${aws_security_group.bastion-elb-privateweave-example-com.id}"
from_port = 22
to_port = 22
protocol = "tcp"
}

resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.bastion-elb-privateweave-example-com.id}"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

terraform = {
required_version = ">= 0.9.3"
}
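Review bot: This fixture pins `cidr_blocks = ["0.0.0.0/0"]` on `ssh-external-to-bastion-elb-0-0-0-0--0` (port 22) and `https-api-elb-0-0-0-0--0` (port 443), so the only topology the lifecycle-phase tests exercise is the fully open one, and a regression in the path that narrows these to the cluster's configured access CIDRs would not be caught here. Consider a second lifecycle_phases fixture whose cluster spec restricts SSH and API access (presumably via the spec's SSH/API access fields, not visible in this page) so both branches of the rule generator are covered. The node-to-master rules encode "everything except 4001-4002" (`node-to-master-tcp-1-4000`, `node-to-master-tcp-4003-65535`) plus all UDP; because the test compares the whole file, any widening of that gap fails here, which is the right behaviour, so a one-line comment in the test explaining that the gap is intentional would stop the next person from "fixing" it. The file header for this section is not shown, so the fixture's path is inferred from the test names.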
