github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/topgun/core/aws_ssm_test.go (about)

     1  package topgun_test
     2  
     3  import (
     4  	"encoding/json"
     5  
     6  	"github.com/aws/aws-sdk-go/aws"
     7  	"github.com/aws/aws-sdk-go/aws/credentials"
     8  	"github.com/aws/aws-sdk-go/aws/session"
     9  	"github.com/aws/aws-sdk-go/service/ssm"
    10  
    11  	. "github.com/pf-qiu/concourse/v6/topgun"
    12  	. "github.com/pf-qiu/concourse/v6/topgun/common"
    13  	. "github.com/onsi/ginkgo"
    14  	. "github.com/onsi/gomega"
    15  )
    16  
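// AWS SSM exercises a Concourse deployment whose credential manager is AWS
// Systems Manager Parameter Store. It needs ambient AWS configuration (region
// and credentials resolvable by the SDK's default session) and is skipped when
// that configuration is missing.
var _ = Describe("AWS SSM", func() {
	var ssmAPI *ssm.SSM
	var awsRegion string
	var awsCreds credentials.Value

	BeforeEach(func() {
		awsSession, err := session.NewSession()
		if err != nil {
			Skip("can not create AWS session")
		}

		ssmAPI = ssm.New(awsSession)

		// Config.Region is a *string; aws.StringValue avoids a nil-pointer
		// panic and lets an unset region be handled like the other missing
		// prerequisites (skip instead of deploying with an empty region).
		awsRegion = aws.StringValue(ssmAPI.Config.Region)
		if awsRegion == "" {
			Skip("AWS region is not configured")
		}

		awsCreds, err = ssmAPI.Config.Credentials.Get()
		if err != nil {
			Skip("can not retrive AWS credentials")
		}
	})

	Describe("A deployment with SSM", func() {
		// putSecureParameters writes every name/value pair to Parameter Store
		// as a SecureString, overwriting any existing parameter of that name.
		// No KeyId is set, so SSM encrypts with the account's default KMS key.
		//
		// NOTE(review): nothing in this file deletes these parameters again.
		// Unless testCredentialManagement cleans up (not visible here), they
		// persist in the account under the fixed /concourse-topgun/ prefix and
		// concurrent runs against the same account overwrite each other.
		putSecureParameters := func(secrets map[string]string) {
			for name, value := range secrets {
				_, err := ssmAPI.PutParameter(&ssm.PutParameterInput{
					Name:      aws.String(name),
					Value:     aws.String(value),
					Type:      aws.String("SecureString"),
					Overwrite: aws.Bool(true),
				})
				Expect(err).ToNot(HaveOccurred())
			}
		}

		BeforeEach(func() {
			// An empty session token is replaced by the two-character literal
			// `""`; presumably so the -v variable is still given a value
			// (verify against operations/configure-ssm.yml).
			sessionToken := awsCreds.SessionToken
			if sessionToken == "" {
				sessionToken = `""`
			}

			// NOTE(review): the access key, secret key and session token are
			// passed as command-line arguments. Arguments are readable from
			// the process table on the host running the suite and end up in
			// any output if Deploy echoes or logs the command it runs (its
			// implementation is not visible here). Use short-lived,
			// least-privilege credentials scoped to the test parameters, and
			// prefer a vars file or environment-based variables if the
			// deployment tool supports them.
			Deploy(
				"deployments/concourse.yml",
				"-o", "operations/configure-ssm.yml",
				"-v", "aws_region="+awsRegion,
				"-v", "aws_access_key="+awsCreds.AccessKeyID,
				"-v", "aws_secret_key="+awsCreds.SecretAccessKey,
				"-v", "aws_session_token="+sessionToken,
			)
		})

		Context("/api/v1/info/creds", func() {
			// responseSkeleton mirrors only the fields of the creds-info
			// response that the assertions below read.
			type responseSkeleton struct {
				Ssm struct {
					AwsRegion string `json:"aws_region"`
					Health    struct {
						Response struct {
							Status string `json:"status"`
						} `json:"response"`
						Error string `json:"error,omitempty"`
					} `json:"health"`
					PipelineSecretTemplate string `json:"pipeline_secret_template"`
					TeamSecretTemplate     string `json:"team_secret_template"`
				} `json:"ssm"`
			}

			var (
				atcURL         string
				parsedResponse responseSkeleton
			)

			BeforeEach(func() {
				// NOTE(review): plain HTTP. The ATC username/password handed
				// to FetchToken and the resulting access token presumably
				// travel unencrypted to the web instance; this is only
				// acceptable on an isolated test network.
				atcURL = "http://" + JobInstance("web").IP + ":8080"
			})

			JustBeforeEach(func() {
				token, err := FetchToken(atcURL, AtcUsername, AtcPassword)
				Expect(err).ToNot(HaveOccurred())

				body, err := RequestCredsInfo(atcURL, token.AccessToken)
				Expect(err).ToNot(HaveOccurred())

				err = json.Unmarshal(body, &parsedResponse)
				Expect(err).ToNot(HaveOccurred())
			})

			It("contains ssm config", func() {
				Expect(parsedResponse.Ssm.AwsRegion).To(Equal(awsRegion))
				// Health and Health.Response are struct values, so the two
				// BeNil checks can never fail; the Error and Status
				// assertions are the ones that verify the health report.
				Expect(parsedResponse.Ssm.Health).ToNot(BeNil())
				Expect(parsedResponse.Ssm.Health.Error).To(BeEmpty())
				Expect(parsedResponse.Ssm.Health.Response).ToNot(BeNil())
				Expect(parsedResponse.Ssm.Health.Response.Status).To(Equal("UP"))
			})
		})

		// The two callbacks seed Parameter Store for the shared
		// credential-management specs: the first with pipeline-scoped
		// parameters, the second with team-scoped ones only. All values are
		// fixed test fixtures, not real secrets.
		testCredentialManagement(func() {
			putSecureParameters(map[string]string{
				"/concourse-topgun/main/team_secret":                              "some_team_secret",
				"/concourse-topgun/main/pipeline-creds-test/assertion_script":     assertionScript,
				"/concourse-topgun/main/pipeline-creds-test/canary":               "some_canary",
				"/concourse-topgun/main/pipeline-creds-test/resource_type_secret": "some_resource_type_secret",
				"/concourse-topgun/main/pipeline-creds-test/resource_secret":      "some_resource_secret",
				"/concourse-topgun/main/pipeline-creds-test/job_secret/username":  "some_username",
				"/concourse-topgun/main/pipeline-creds-test/job_secret/password":  "some_password",
				"/concourse-topgun/main/pipeline-creds-test/resource_version":     "some_exposed_version_secret",
			})
		}, func() {
			putSecureParameters(map[string]string{
				"/concourse-topgun/main/team_secret":      "some_team_secret",
				"/concourse-topgun/main/resource_version": "some_exposed_version_secret",
			})
		})
	})
})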