Skip to content

Commit

Permalink
Added and refactored tests for docker logs cloudwatch
Browse files Browse the repository at this point in the history 
Signed-off-by: Brandon Shien <[email protected]>
  • Loading branch information
@bshien
bshien committed Jun 26, 2024
1 parent 1c5e2f1 commit d95040c
Show file tree
Hide file tree
Showing 4 changed files with 177 additions and 147 deletions.
10 changes: 5 additions & 5 deletions infrastructure/lib/constructs/canarySns.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,12 @@ export class canarySns extends SnsMonitors {
private canaryFailed(alertName: string, canary: Canary): [Alarm, string] {
const alarmObject = new cloudwatch.Alarm(this, `error_alarm_${alertName}`, {
metric: canary.metricSuccessPercent({
period: Duration.minutes(5)
period: Duration.minutes(15)
}),
threshold: 100,
evaluationPeriods: 3,
comparisonOperator: cloudwatch.ComparisonOperator.LESS_THAN_THRESHOLD,
datapointsToAlarm: 3,
threshold: 0,
evaluationPeriods: 1,
comparisonOperator: cloudwatch.ComparisonOperator.LESS_THAN_OR_EQUAL_TO_THRESHOLD,
datapointsToAlarm: 1,
treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING,
alarmDescription: "Detect Canary failure",
alarmName: alertName,
Expand Down
6 changes: 3 additions & 3 deletions infrastructure/test/monitoring-stack.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,7 @@ test('Monitoring Stack Test', () => {
],
"AlarmDescription": "Detect Canary failure",
"AlarmName": "Canary_failed_MetricsWorkflow",
"ComparisonOperator": "LessThanThreshold",
"ComparisonOperator": "LessThanOrEqualToThreshold",
"DatapointsToAlarm": 1,
"Dimensions": [
{
Expand All @@ -224,9 +224,9 @@ test('Monitoring Stack Test', () => {
"EvaluationPeriods": 1,
"MetricName": "SuccessPercent",
"Namespace": "CloudWatchSynthetics",
"Period": 300,
"Period": 900,
"Statistic": "Average",
"Threshold": 50,
"Threshold": 0,
"TreatMissingData": "notBreaching"
});
});
177 changes: 40 additions & 137 deletions infrastructure/test/nginx.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,148 +79,51 @@ test('OpenSearchMetricsNginxReadonly Stack Test', () => {
}
],
});
});

test('OpenSearchMetricsNginxCognito Test', () => {
const app = new App();
const openSearchDomainStack = new OpenSearchDomainStack(app, 'Test-OpenSearchHealth-OpenSearch', {
region: "us-east-1",
account: "test-account",
vpcStack: new VpcStack(app, 'OpenSearchHealth-VPC', {}),
enableNginxCognito: true,
jenkinsAccess: {
jenkinsAccountRoles: [
new ArnPrincipal(Project.JENKINS_MASTER_ROLE),
new ArnPrincipal(Project.JENKINS_AGENT_ROLE)
]
}
});
const openSearchDomainStackTemplate = Template.fromStack(openSearchDomainStack);
openSearchDomainStackTemplate.resourceCountIs('AWS::Route53::RecordSet', 1);
openSearchDomainStackTemplate.hasResourceProperties('AWS::Route53::RecordSet', {
"Name": `${Project.METRICS_COGNITO_HOSTED_ZONE}.`,
"Type": "A"
});

openSearchDomainStackTemplate.resourceCountIs('AWS::AutoScaling::LaunchConfiguration', 1);
openSearchDomainStackTemplate.resourceCountIs('AWS::EC2::SecurityGroup', 2);
openSearchDomainStackTemplate.hasResourceProperties('AWS::EC2::SecurityGroup', {
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1"
}
]
});
openSearchDomainStackTemplate.hasResourceProperties('AWS::EC2::SecurityGroup', {
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow from anyone on port 443",
"FromPort": 443,
"IpProtocol": "tcp",
"ToPort": 443
}
]
});
openSearchDomainStackTemplate.hasResourceProperties('AWS::IAM::Role', {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
template.resourceCountIs('AWS::IAM::Policy', 1);
template.hasResourceProperties('AWS::IAM::Policy', {
"PolicyDocument": {
"Statement": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/AmazonSSMManagedInstanceCore"
"Action": [
"es:Describe*",
"es:List*",
"es:Get*",
"es:ESHttpGet",
"es:ESHttpPost",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:es:::domain/",
{
"Fn::ImportValue": "OpenSearchHealth-OpenSearch:ExportsOutputRefOpenSearchHealthDomainD942887BFEBF5289"
},
"/*"
]
]
]
}
],
"RoleName": "OpenSearchCognitoUserAccess"
})
openSearchDomainStackTemplate.resourceCountIs('AWS::ElasticLoadBalancingV2::LoadBalancer', 1);
openSearchDomainStackTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', {
"LoadBalancerAttributes": [
{
"Key": "deletion_protection.enabled",
"Value": "false"
}
],
"Scheme": "internet-facing",
"Type": "application"
});
openSearchDomainStackTemplate.resourceCountIs('AWS::ElasticLoadBalancingV2::Listener', 1);
openSearchDomainStackTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', {
"Port": 443,
"Protocol": "HTTPS"
});
openSearchDomainStackTemplate.resourceCountIs('AWS::ElasticLoadBalancingV2::TargetGroup', 1);
openSearchDomainStackTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::TargetGroup', {
"HealthCheckPath": "/",
"HealthCheckPort": "80",
"Port": 443,
"Protocol": "HTTPS",
"TargetGroupAttributes": [
{
"Key": "stickiness.enabled",
"Value": "false"
}
],
"TargetType": "instance",
"VpcId": {
"Fn::ImportValue": "OpenSearchHealth-VPC:ExportsOutputRefOpenSearchHealthVpcB885AABED860B3EB"
}
});
openSearchDomainStackTemplate.resourceCountIs('AWS::AutoScaling::AutoScalingGroup', 1);
openSearchDomainStackTemplate.hasResourceProperties('AWS::AutoScaling::AutoScalingGroup', {
"DesiredCapacity": "1",
"HealthCheckGracePeriod": 90,
"HealthCheckType": "EC2",
"LaunchConfigurationName": {
"Ref": "OpenSearchMetricsNginxOpenSearchMetricsCognitoMetricsProxyAsgLaunchConfig8D060946"
},
"MaxSize": "1",
"MinSize": "1",
"Tags": [
{
"Key": "name",
"PropagateAtLaunch": true,
"Value": "OpenSearchMetricsCognito-NginxProxyHost"
}
},
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": "OpenSearchMetricsCognito"
}
],
"TargetGroupARNs": [
{
"Ref": "OpenSearchMetricsNginxOpenSearchMetricsCognitoNginxProxyAlbOpenSearchMetricsCognitoNginxProxyAlbListenerOpenSearchMetricsCognitoNginxProxyAlbTargetGroup8E449B4A"
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:::log-group:OpenSearchMetrics/aws-sigv4-proxy.log:*"
}
],
"VPCZoneIdentifier": [
{
"Fn::ImportValue": "OpenSearchHealth-VPC:ExportsOutputRefOpenSearchHealthVpcPrivateSubnet1Subnet529349B600974078"
},
{
"Fn::ImportValue": "OpenSearchHealth-VPC:ExportsOutputRefOpenSearchHealthVpcPrivateSubnet2SubnetBA599EDB2BEEEA30"
}
]
"Version": "2012-10-17"
},
"PolicyName": "OpenSearchMetricsReadonlyNginxProxyRoleDefaultPolicy8EDC749D",
"Roles": [
{
"Ref": "OpenSearchMetricsReadonlyNginxProxyRoleE26CC937"
}
]
});

});

131 changes: 129 additions & 2 deletions infrastructure/test/opensearch-stack.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,10 @@ import {VpcStack} from "../lib/stacks/vpc";

test('OpenSearchDomain Stack Test', () => {
const app = new App();
const openSearchDomainStack = new OpenSearchDomainStack(app, 'Test-OpenSearchHealth-OpenSearch', {
const openSearchDomainStack = new OpenSearchDomainStack(app, 'OpenSearchHealth-OpenSearch', {
region: "us-east-1",
account: "test-account",
vpcStack: new VpcStack(app, 'Test-OpenSearchHealth-VPC', {}),
vpcStack: new VpcStack(app, 'OpenSearchHealth-VPC', {}),
enableNginxCognito: true,
jenkinsAccess: {
jenkinsAccountRoles: [
Expand Down Expand Up @@ -94,4 +94,131 @@ test('OpenSearchDomain Stack Test', () => {
}
}
});

openSearchDomainStackTemplate.resourceCountIs('AWS::Route53::RecordSet', 1);
openSearchDomainStackTemplate.hasResourceProperties('AWS::Route53::RecordSet', {
"Name": `${Project.METRICS_COGNITO_HOSTED_ZONE}.`,
"Type": "A"
});

openSearchDomainStackTemplate.resourceCountIs('AWS::AutoScaling::LaunchConfiguration', 1);
openSearchDomainStackTemplate.resourceCountIs('AWS::EC2::SecurityGroup', 2);
openSearchDomainStackTemplate.hasResourceProperties('AWS::EC2::SecurityGroup', {
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1"
}
]
});
openSearchDomainStackTemplate.hasResourceProperties('AWS::EC2::SecurityGroup', {
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow from anyone on port 443",
"FromPort": 443,
"IpProtocol": "tcp",
"ToPort": 443
}
]
});
openSearchDomainStackTemplate.hasResourceProperties('AWS::IAM::Role', {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/AmazonSSMManagedInstanceCore"
]
]
}
],
"RoleName": "OpenSearchCognitoUserAccess"
})
openSearchDomainStackTemplate.resourceCountIs('AWS::ElasticLoadBalancingV2::LoadBalancer', 1);
openSearchDomainStackTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', {
"LoadBalancerAttributes": [
{
"Key": "deletion_protection.enabled",
"Value": "false"
}
],
"Scheme": "internet-facing",
"Type": "application"
});
openSearchDomainStackTemplate.resourceCountIs('AWS::ElasticLoadBalancingV2::Listener', 1);
openSearchDomainStackTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', {
"Port": 443,
"Protocol": "HTTPS"
});
openSearchDomainStackTemplate.resourceCountIs('AWS::ElasticLoadBalancingV2::TargetGroup', 1);
openSearchDomainStackTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::TargetGroup', {
"HealthCheckPath": "/",
"HealthCheckPort": "80",
"Port": 443,
"Protocol": "HTTPS",
"TargetGroupAttributes": [
{
"Key": "stickiness.enabled",
"Value": "false"
}
],
"TargetType": "instance",
"VpcId": {
"Fn::ImportValue": "OpenSearchHealth-VPC:ExportsOutputRefOpenSearchHealthVpcB885AABED860B3EB"
}
});
openSearchDomainStackTemplate.resourceCountIs('AWS::AutoScaling::AutoScalingGroup', 1);
openSearchDomainStackTemplate.hasResourceProperties('AWS::AutoScaling::AutoScalingGroup', {
"DesiredCapacity": "1",
"HealthCheckGracePeriod": 90,
"HealthCheckType": "EC2",
"LaunchConfigurationName": {
"Ref": "OpenSearchMetricsNginxOpenSearchMetricsCognitoMetricsProxyAsgLaunchConfig8D060946"
},
"MaxSize": "1",
"MinSize": "1",
"Tags": [
{
"Key": "name",
"PropagateAtLaunch": true,
"Value": "OpenSearchMetricsCognito-NginxProxyHost"
},
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": "OpenSearchMetricsCognito"
}
],
"TargetGroupARNs": [
{
"Ref": "OpenSearchMetricsNginxOpenSearchMetricsCognitoNginxProxyAlbOpenSearchMetricsCognitoNginxProxyAlbListenerOpenSearchMetricsCognitoNginxProxyAlbTargetGroup8E449B4A"
}
],
"VPCZoneIdentifier": [
{
"Fn::ImportValue": "OpenSearchHealth-VPC:ExportsOutputRefOpenSearchHealthVpcPrivateSubnet1Subnet529349B600974078"
},
{
"Fn::ImportValue": "OpenSearchHealth-VPC:ExportsOutputRefOpenSearchHealthVpcPrivateSubnet2SubnetBA599EDB2BEEEA30"
}
]
});
});

0 comments on commit d95040c

Please sign in to comment.