streamline hub and spoke firewall test

Ludovico Magnocavallo 2019-11-05 06:43:16 +01:00
parent 0c4d7322af
commit ed5ad55776
1 changed files with 7 additions and 9 deletions


@ -17,22 +17,20 @@
import pytest
@pytest.fixture(scope='module')
def firewall_modules(plan):
names = [name for name in plan.modules.keys() if name.startswith('module.firewall-')]
return dict((name, plan.modules[name]) for name in names)
return [v for k, v in plan.modules.items() if k.startswith('module.firewall-')]
def test_firewall_rules(plan, firewall_modules):
"Test that the hub and spoke VPCs have allow-admin firewall rules"
names = ['%s_subnets' %
name for name in ('hub', 'spoke_1', 'spoke_2')]
source_ranges = []
for name in names:
subnets = plan.variables[name]
for subnet in subnets:
source_ranges.append(subnet['subnet_ip'])
for mod in firewall_modules.values():
for k in plan.variables:
if not k.endswith('_subnets'):
continue
source_ranges += [s['subnet_ip'] for s in plan.variables[k]]
for mod in firewall_modules:
allow_admins_resource = mod.resources['google_compute_firewall.allow-admins[0]']
allow_ssh = mod.resources['google_compute_firewall.allow-tag-ssh[0]']
assert allow_admins_resource['values']['source_ranges'] == source_ranges
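Review bot: The expected `source_ranges` in `test_firewall_rules` is now collected from every plan variable whose name ends in `_subnets`, in the iteration order of `plan.variables`, while the final assert is still an order-sensitive list comparison. Without the explicit `('hub', 'spoke_1', 'spoke_2')` names, the test no longer pins which networks the allow-admins rule is expected to admit, and any later `*_subnets` variable changes the expectation along with the plan. Keeping the explicit names, or at least comparing `sorted(...)` on both sides, would make the intent and the failure mode clearer. The loop over `firewall_modules` also passes vacuously if the `'module.firewall-'` prefix matches nothing, so `assert firewall_modules` before the loop would turn that into a failure. `allow_ssh` is looked up but not asserted in the visible lines; the function may continue past the hunk.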